Hello again:
I read the OSPKI book, which pointed me at the sign.sh
script which helped quite a bit. I'm wondering if anyone can
help me with a few specifics.
So far, how I understand a certificate request gets signed
is:
1) put the CSR into a file.
2) generate a configuration file that specifies:
a) CA information, including which certificate
b) the subject DN
c) the certificate version (SSL v2, v3)
d) any certificate extensions (I'm still hazy on how to
specify certificate extensions; also if I need to
specify any for a cert that's coing to be a browser
client cert, and if so which ones)
e) any other information that's required (can someone fill
me in on any other essential information for tha config
file?)
3) sign the request, a perlish way is
my $cert = `\usr\local\bin\openssl ca -in cert.pem`;
4) do whatever post processing (store it in a DB, etc) needs
to be done
5) send it back to the user.
One more question: can Netscape SPKAC files be converted into
other formats?
--Christopher
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
