Hy! I have written a little patch which adds a '-nocheck' option to the ca modus which prevents the verification of the CSR's signature upon certificate creation.
Why is this usable: I am working with smartcards which are certified against the german signature-law and therefore have certain restriction on their usage. Especially I (=Trustcenter) am not allowed to use the private key on the card before I hand it to the customer, and therefore also am not allowed to sign a CSR. But since the card never leaves our hands, we are satisfied to sign a CSR with only a dummy signature (but the correct public key, of course). cheers Mathias
openssl-ca-nocheck.patch
Description: Binary data
