[openca-users:7] Re: [openca-devel:359] Re: How to generate a RA operator certificate ?

Tue, 27 Jun 2000 11:56:15 -0700 

Le 27/06/2000 � 18:45, Massimiliano Pala tapottait de ses petits doigts :
> > I beg you pardon to bother you like that, but I saw in the
> > FAQ page that you was creating the FAQ itself :)
And it's in the idea of completing the currently "in-construction"
FAQ that I continue on this topic : 
> > 1 - How can I generate a certificate for an RA Operator ?
> >     I tried issue_certs.bin and browser_Export but this
> >     certificate cannot sign a request in the RA
> >     so ... how can I generate a good certif ?
> 
> To generate a certificate for the RA Operator use the issue_certs.bin
> it will generate a key-pair (either the secret key and the public
> one). Then use the browserExport to generate a .p12 file (importable
> in netscape).
Ok, but it's not enough : you must update de DB, using ./importCerts.pl
(using OpenCA-0.2.0-SNAP-20000525)

So (in the FAQ Way :) I think we can postulate on :

How to generate a certificate for an RA Operator ?
==================================================

1/ using shell
--------------
Rationale : if you prefer the shell way... not the best choice I think

- cd $OPENCA installdir (ex: /usr/local/OpenCA)
- cd $OPENCA/bin
- use issue_certs.bin to generate a key-pair, a csr, sign it 
- use importCerts.pl to update the DB
- user browserExport to generate a .p12 file (importable in
  Netscape)

2/ using the Web 
----------------
Rationale : MUST be the way if you want to use a cryptosystem like smart-cards

???
 I dont't know :) but I guess something like :
- use the Secure Server to generate a key (in your Netscape, using your prefered
  cryptosystem and probably a smart-card)
- .... use the csr and sign it directly by the AC ? How (if not using openssl
  directly of course :)


Help this will help Madwolf to build the FAQ :) 

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[EMAIL PROTECTED]  --  http://fumble.org
            "un gob sinon rien !"
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


--------------------------------------------------------------
Per problemi: [EMAIL PROTECTED] oppure (anche meglio)
[EMAIL PROTECTED]  (messaggio con la sola parola HELP)
--------------------------------------------------------------

Reply via email to