Hi Ok, then i will make different SCEP endpoints and different profiles.
Thx for the quick reply. BR Lukas On 15.07.2015 22:22, Martin Bartosch wrote: > Hi, > >> Not all of our SCEP clients support the same signature algorithm. When they >> generate a CSR some have sha1 and others sha256, but the certificate is >> always >> generated with what i configure in profile/default.yaml. >> >> Is there a way to configure the certificate signature algorithm based on the >> CSR signature algorithm? > > Currently not. It is certainly possible to modify the system (it is very > flexible), but we consider the signature algorithm as a part of the CA policy > which should be enforced by the CA and not provided by the end entity. > Certificate profiles can have different signature algorithms, so this is a > way to make the signature algorithm selectable by the requester. > > What you could also do is define a different SCEP endpoint with a different > default certificate profile. Please note that the client actually can request > a profile by using a certificate extension in the CSR. If the server is > properly configured, it can extract the requested profile, map it to an > internal profile name (if necessary) and use the requested profile for > issuance. > >> How can i add a selection field for the signature algorithm >> in the key generation form on the web ui? > > See above. > > The proper way to do this is to define a separate profile with a different > signature algorithm and let the user choose between the the profiles. > > cheers > > Martin > > > > ------------------------------------------------------------------------------ > Don't Limit Your Business. Reach for the Cloud. > GigeNET's Cloud Solutions provide you with the tools and support that > you need to offload your IT needs and focus on growing your business. > Configured For All Businesses. Start Your Cloud Today. > https://www.gigenetcloud.com/ > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
