Hi,

> Can we store the certificate/key password used during certificate request 
> in the CA database?
> So that RA doesn't need to store them separately while requesting 
> certificates.

By default OpenXPKI hosts the RA and CA component in the same instance. Note 
that it is possible to separate them, but this is an Enterprise Edition feature 
and not available in the Community Edition.

The following assumes a standard installation with RA and CA on the same system.

When using "server side key generation" during a certificate request the system 
generates a private key for the requested certificate which can later be 
downloaded by the requester. The private key is encrypted with a user-specific 
password and stored in the datapool. All workflows running in the same PKI 
Realm can theoretically access the private key if the passphrase is known. The 
CA component does not need to know the key/passphrase of the certificate to 
issue, as it only signs the certificate request containing the public key.

Cheers,

Martin




_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
