Massimiliano Pala <[EMAIL PROTECTED]> writes:

> Konstantinos Agouros wrote:
> 
> > I guess (if I remember correctly) the PKCS7 and the CRL-stuff will be most
> > important.
> > First of all I will do a little cgi-debugging, to see what the router
> > is actually sending. If I understood the Cisco implementation correctly,
> 
> Some time ago I read something about the CISCO SCEP and, if I can remember
> correctly, it does a PKCS#10 request.... but I am not sure...
> 

----[ snip from: Netscape Certification Management System (Installation
      and Deployment Guide)

Enrollment message format over HTTP or HTTPS:

Cisco uses CEP (Certificate Enrollment Protocol): A certificate
management protocol jointly developed by Cisco Systems and VeriSign,
Inc. CEP governs communication between routers or VPN clients and a
Registration Manager or Certificate Manager.

----[ snip



> > one needs a way to retrieve a ca-certificate (there aren't so many ways to
> > do this :), to retrieve a crl via ldap (is there a standard-way for this)
> > and to start a certificate request and retrieve the signed certificate.
> > These are all things that OpenCA can do already; one (I guess that's me :)
> > just has to find out how a cisco-router does this.
> 
> Yes, anyway some modifications are needed - I suppose - to allow such requests
> to be processed correctly. About CRLs I think there are differences if we
> store it into LDAP v2 or v3 - actually openldap, I think, supports the v2
> protocol and, if the router supports it, the actual attribute where to store
> a crl is the certificaterevocationList;binary - DER formatted. To be checked.


OpenLDAP v 1.2 supports LDAP v2, OpenLDAP v 2.0 supports LDAP v3

Info about PKIX and LDAPv2: RFC 2587


-- 
-------------------------------------------------------------------------
David Rohleder                                          [EMAIL PROTECTED]
Institute of Computer Science, Masaryk University
Brno, Czech Republic
-------------------------------------------------------------------------

_________________________________________________________________
OpenCA - Users Support Mailing List       [EMAIL PROTECTED]
