Thanks for the excellent information Craig. Now, the last question is:
How do i do it? (what are the steps i need to take to configure OpenCA so that the user certs have the emailAddress in the DN?) Thanks! ...alex... On Tue, Dec 03, 2002 at 01:11:24PM +1200, Craig McGregor wrote: > > * I read a message that said that putting email address in the cert is > > deprecated according to the RFCs. Can someone tell me why? > > I think it was with the thought that users e-mail address might change without > invalidating the identity of the user? It is also usually including in >SubjectAltName, > so is duplicated. > > There are also very good reasons for including them, such as ensuring uniqueness > of DN's in a PKI where multiple users have the same name. > > > * Is it possible to have the Email address attribute be "E" instead of > > "EMAILADDRESS"? If so, how would I do this? > > It looks like 'emailAddress' in OpenCA's web interfaces, but once the certificate > is generated you will notice it is actually E= in the DN. ------------------------------------------------------- This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
