Hi Gabriel,
Am 21.04.2017 um 20:43 schrieb Gabriel Sailer: > because of security reason i want to strip not needed features. this is always a good idea! > I want do setup openxpki only for scep certificates. I did not need > server, client or user certificates and so i want to disable this > certificate features. Is this possible? Remove all workflow definitions from ca-one/workflow/def that are not required, scep uses "enrollment" and if you have enable certificate publication it uses "certificate_publishing". crl_issuance does the CRL stuff and I recommend to keep report* and status* as well. You then should adjust the menu structure to not point to remove workflows in the files in uicontrol/. > The clr creation should be done daily per cron/batch and should place > the crl to a webpage on the system. Is this possible with any command > (e.g. openxpkiadm). Create a cron item "openxpkicmd crl_issuance" which will generate a CRL IF REQUIRED (current one expires or new revocations pending), you can control the expiration window with "nextupdate" in crl/default.yaml. Check the publication.yaml in the realms folder, there is an item that writes the item to /tmp, adjust as required to write to your favorite location (runs as openxpki user, make sure permissions allow writing) > The issuing, the Web ssl and SCEP certificates have CRL and Authority > Information and so i have to place the latest status to the given > url. Check the profiles folder, you can find the settings there. best regards Oliver -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
