Hi Lampa,

[ Authenticated Browser Certificate Request ]

This type of request uses a datasource, authenticates to it, and pulls
the information to automatically populate the fields in the certificate
request. It may be useful in environments where you have a class of
users that already have credentials somewhere (e.g., the company's
LDAP or the University's LDAP). There are many explanations directly
in the PREFIX/etc/openca/auth_browser_request.xml.template file.

There are some special commands that you can use within the XML config
file that create content dynamically.

$EXEC::[function] - Executes a function and uses the output to populate
the input object. Valid functions are:

   * loadDataSources() - generates the list of the configured datasources
     in datasources.xml.template

   * loadRoles() - generates the list of Roles (or certificate profiles)

   * loadLoa() - generates the list of available Level Of Assurance

   * loadKeygenMode() - generates the list of Key Generation Modes allowed
     for the currently used browser (check the loa.xml config file as well)

   * loadKeyTypes() - generates the list of allowed Key Types. Currently
     supported are RSA, DSA, ECDSA; the list can be shorter depending on
     the capabilities of the browser and the type of current request.

   * loadKeyStrengths() - generates the list of allowed Key Strengths.
     (check the loa.xml config file for more explanation)


$DATA::[FIELD] - substitutes the value with the FIELD value gathered from
the chosen datasource. For example, if you want to retrieve the attribute
'givenName' from the datasource, just use $DATA::givenName. Please refer
to the datasources.xml.template file to see how to set the [FIELD] names
correctly.


[ REQUEST STATUS ]

In the configuration of requests, there is an XML field, <requestStatus>..
</requestStatus> which specifies the status the request will be set to
when the request is received. This means that if you want the request
to be in the list of NEW requests, then set this field to NEW. If you
instead want the requests to be automatically approved (this is useful
for authenticated requests or together with the automatic certificate
issuing tool) just set this field to "APPROVED".


I hope this helps you all,

Best,
Max


lampa mao wrote:
hello all:
Now, I have two questions about openca-base-1.0.0.2.
First: I don't understand the option named "Authenticated Browser Certificate Request" in the pub web interface. I see some information in etc/datasources.xml, and I think this option has something to do with LDAP. But how does it work? What function does the option have? Could you tell me?

Second: I see a mail from Massimiliano Pala, whose name is "[Openca-Users] New OpenCA v1.0.1 (ten-ten) is available for Download!". This mail describes the major changes over version 0.9.3. I can't understand a sentence in this mail, which is "Added support for requestStatus to request configuration for automatically approved requests (values can be one of NEW, PENDING, or APPROVED)". In my opinion, the RA can approve requests (including NEW, PENDING, APPROVED) automatically when I make some change in the configuration file. Do I misunderstand it? Could you explain it?

Thank you very much!
lampa
2008.10.23


--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]  [EMAIL PROTECTED]
                                                 [EMAIL PROTECTED]

Dartmouth Computer Science Dept               Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory                          Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

People who think they know everything are a great annoyance to those of us
who do.
                                                           -- Isaac Asimov

Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
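
An added example, not part of the original thread and not OpenCA code: a small audit of a request configuration that reports the <requestStatus> value, flags automatic approval on a form that is not authenticated, and checks $EXEC:: names against the functions listed in the reply. Only <requestStatus>, $EXEC::, $DATA:: and the function names come from the message; the other XML element names, the sample document and the "authenticated" flag are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Function names and status values as listed in the thread above.
KNOWN_EXEC = {"loadDataSources", "loadRoles", "loadLoa",
              "loadKeygenMode", "loadKeyTypes", "loadKeyStrengths"}
VALID_STATUS = {"NEW", "PENDING", "APPROVED"}
DIRECTIVE = re.compile(r"\$(EXEC|DATA)::(\w+)")

# Constructed sample. Only <requestStatus>, $EXEC:: and $DATA:: come from the
# message; every other element name is a hypothetical stand-in.
SAMPLE = """<request>
  <requestStatus>APPROVED</requestStatus>
  <input><name>cn</name><value>$DATA::givenName</value></input>
  <input><name>role</name><value>$EXEC::loadRoles</value></input>
  <input><name>kt</name><value>$EXEC::loadKeyType</value></input>
</request>"""

def audit(xml_text, authenticated):
    """Return (findings, data_fields) for one request configuration.

    authenticated: whether this form makes the user log in to a datasource
    (supplied by the caller; an assumption of this example).
    """
    findings, data_fields = [], []
    root = ET.fromstring(xml_text)
    statuses = [(e.text or "").strip() for e in root.iter("requestStatus")]
    if not statuses:
        findings.append("no <requestStatus> element found")
    for status in statuses:
        if status not in VALID_STATUS:
            findings.append(f"unknown requestStatus {status!r}")
        elif status == "APPROVED" and not authenticated:
            # Policy choice of this example: auto-approval only after login.
            findings.append("requests auto-approved without authentication")
    for elem in root.iter():
        for kind, name in DIRECTIVE.findall(elem.text or ""):
            if kind == "DATA":
                data_fields.append(name)  # compare with datasources.xml
            elif name not in KNOWN_EXEC:
                findings.append(f"unknown $EXEC function {name!r}")
    return findings, data_fields

if __name__ == "__main__":
    found, fields = audit(SAMPLE, authenticated=True)
    print("datasource fields:", fields)
    for item in found:
        print("FINDING:", item)
```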
