Hi,

(I'm not sure if this mail should go to openca-users or openca-devel. I'm not developing OpenCA as such, but we develop software with OpenCA as a part of it all.)

I'm evaluating OpenCA for use as the company CA. I've had about half a day to look at it (finished installing it this morning), and it looks good, but I will need to make some changes. I would be interested in anyone who has done work with these two types of further development:

1) Use of the IBM 4758 cryptographic card as HSM, through the OpenSSL engine mechanism. Is it relatively simple to store keys and do cryptographic operations in hardware with this mechanism, or is it a big job? Is the OpenSSL implementation for this configuration mature enough to use in a real-life system, or would it be insecure to trust it, as I understand it has only recently been added to the OpenSSL package?

2) Use OpenCA as a "transaction based" CA rather than a user-driven CA. What I mean is that other servers on our system can talk to the CA and "say" stuff like "Sign this certificate, please", "Revoke this certificate, please" etc. There would have to be some sort of authentication and encryption for the communication, but based on that the CA would do the task it has been asked to do, without being asked for the CA password. Has anyone done this sort of work on OpenCA? As there are two servers in the standard setup of OpenCA, can our servers hook on to the interface between the two, and use the CA server that way? What sort of interface is there between the two? Is this communication encrypted, and if so, how?

Hope someone has a comment or an experience to help me here. Thanks in advance!

Best regards,
Christian rygg
