alexandru matei schrieb: > > Second, a question about LDAP integration. When new certificates are > issued, on RA they are importe in LDAP. But when it is revoked (or > expired, or certificate is renewed) is the ldap updated (by deleting > the corresponding entries) ?
Actually we don't delete certifcates from LDAP but after your problems with netscape we should start thinking about this problem. > And third, how can a user request a renewal of his certificate? This is actually not implemented. The way could be: RA -- 1. load the archivied CSR 2. remove the signature of the RAO 3. change the serial 4. change the status to RENEW_REQUEST 5. put the serial of the original request into the header 6. sign the hole request A renewed request would be only a signed reference to the old request. This would require a new script to create such a request, some changes in REQ.pm and some changes in issueCertificate to handle renewed requests. What do you think about the process itself? Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
