Hello Everybody,
I am back again..:) Thanks to the OpenCA group for such a great job. I successfully installed the CA, RA, LDAP and all other dependent software packages on Unix and am also able to issue all the certificates. In my master's project I am left with one final task. Here I am interested in letting users of my PKI domain store their documents at a secure storage facility.
My questions are:
1>
I would like to issue a subordinate CA. I generated the request (CSR) for the sub-CA and uploaded it onto the RA server. Now I will have to export it to the CA and issue the sub-CA cert. But my question is: does OpenCA have any front-end interface for the sub-CA as it has for the CA? I mean, is there any GUI from where I can upload this sub-CA cert and perform some minimal operations like issuing/revoking certs without actually exporting the requests to the root CA? I guess the sub-CA will have the authority to issue the certs by itself without needing the approval of the root CA.
2>
I have gone through the archive and found little information on subordinate CAs. In one of the replies Michael wrote:

> Actually we only support sub-CAs like normal user certificates
> CA->RAServer->Public-GW->sub-CA
> sub-CA->RAServer of sub-CA->....
> The way which is used for example by Baltimore (CA->sub-CA->RA) is not supported today.
> Michael

Does it mean that sub-CAs are similar to user certificates, at least for now in OpenCA, and no GUI exists like for the CA in OpenCA?
3>
Right now all that I can imagine is manually issuing the certs to clients from the command prompt in Unix using the available cert of the sub-CA with some Unix commands of openssl or Java's keytool. Is there a better way? Like a GUI to do this.
Thanks for all your time and help... Some background on my task below:
Some Background
---------------
Currently for the sub-CA functionality, I have Tomcat running on the RA machine where my Apache is installed. Tomcat will actually authenticate users (login/password) and check for the privileges and then let them store/retrieve the documents. Of course I am stopping Apache (the RA server) to use Tomcat as there are some port conflicts which I will resolve later.
Now once the sub-CA receives any documents, the sub-CA operator should be able to encrypt the documents by first generating a key pair (certificate) for the entire life of this user (unless a new one is requested). In future communication from this user the sub-CA operator will use the existing cert already generated for this user.
Thanks Again for your patience. Any suggestions would be appreciated.
Pavan Sura
Masters in Computer Science
Old Dominion University
Norfolk, Virginia.
Email: [EMAIL PROTECTED]
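
The manual openssl route mentioned in question 3, as an added example that is not part of the original post or of OpenCA: a root CA signs a sub-CA request with CA:TRUE (pathlen:0), the sub-CA issues a user certificate, and chain verification accepts it while rejecting a certificate signed with an ordinary user key. All names, file stems and the temporary directory are constructed placeholders.

```shell
# Constructed demo PKI; every name and file here is a placeholder.
set -eu

write_cnf() {    # $1 = working directory
cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[root_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[sub_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[user]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
}

new_csr() {      # $1 = dir, $2 = file stem, $3 = common name
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$3" 2>/dev/null
}

sign_csr() {     # $1 = dir, $2 = issuer stem, $3 = subject stem, $4 = extension section
    openssl x509 -req -sha256 -days 365 -in "$1/$3.csr" -CA "$1/$2.crt" \
        -CAkey "$1/$2.key" -CAcreateserial -extfile "$1/pki.cnf" \
        -extensions "$4" -out "$1/$3.crt" 2>/dev/null
}

build_demo_pki() {    # $1 = dir
    mkdir -p "$1"; write_cnf "$1"
    openssl req -x509 -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
        -extensions root_ca -days 3650 -subj "/CN=Demo Root CA" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
    new_csr "$1" sub "Demo Sub CA"; sign_csr "$1" root sub sub_ca
    new_csr "$1" user "demo-user";  sign_csr "$1" sub user user
    # Negative case: a certificate signed with the end-entity (CA:FALSE) key.
    new_csr "$1" bogus "bogus";     sign_csr "$1" user bogus user
}

chain_ok() {     # $1 = dir, $2 = leaf stem; sub and user certs are offered as untrusted
    cat "$1/sub.crt" "$1/user.crt" > "$1/untrusted.pem"
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/untrusted.pem" \
        "$1/$2.crt" >/dev/null 2>&1
}

demo_dir=$(mktemp -d); build_demo_pki "$demo_dir"
chain_ok "$demo_dir" user  && echo "issued by sub-CA: chain verifies"
chain_ok "$demo_dir" bogus || echo "issued by user cert: chain rejected"
```

The demo keys are written unencrypted to a temporary directory; a real sub-CA key would be passphrase-protected or held in hardware.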
