>>>>> "GJ" == Graham Jenkins <[EMAIL PROTECTED]> writes:
GJ> On Mon, 2007-01-15 at 16:29 +0100, Diego de Felice wrote:
>> I've done this with a little trick. You must create another command
>> ..
>>
>> On 1/15/07, Matthias Alsmann <[EMAIL PROTECTED]> wrote:
>> > is there a possibility to generate the CRL with a command thus I can
>> > create a cron job that generates my CRL for example every 30 days?
>> >
GJ> I'm confused. I'm assuming that you create the CRL every 30 days (should
GJ> that be 23 days?) on the CA (Offline) machine.
GJ> Then you still have to manually Enroll it to a Lower Level of the
GJ> Hierarchy. And on the RA (Online) machine, you have to Download it from
GJ> a Higher Level.
Well, I'd say that his CA node is not so totally offline, that was
obvious.
And, depending on the usage scenario and the risk profile, that might
not be bad; e.g., a system that is firewalled to allow no incoming
connections at all and only outgoing ssh connections fits many
medium-risk installations.
But even in those scenarios, the question for the CA token passphrase
remains -- I have to say that in the PKI contexts that I've seen,
internal deployments in medium-sized companies or company regions,
HSMs have been a rarity.
Joachim
[Discarded the Cc line; I don't know why you forwarded this also to
the other guys from your organization.]
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: [EMAIL PROTECTED]
Roedermark, Germany
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
