Michael Konietzka wrote:
Chris Covell wrote:

Michael,

On Wed, 2004-05-19 at 11:32, Michael Konietzka wrote:

Ok, but how should I handle the different keyUsage in certification process?


The OpenCA way of doing this is to have a different "Role" for each certificate type. So I would have a "Sign" role where the key usage is set to:
keyUsage = nonRepudiation, digitalSignature
extendedKeyUsage: TLS Web client authentication, E-mail protection

and an "Encrypt" role where the key usage is set to:
keyUsage = keyEncipherment, dataEncipherment, keyAgreement


OK, done it this way using two different roles and it worked.

Note for everyone who is editing rbac/roles.xml on the ra/pub machine: If you exchange data from your ca to your ra with "All" (includes configuration), your edited roles.xml will be replaced by the roles.xml of the ca. So folks, if you're losing your mind (like me) because of the appearance of an old roles.xml, keep in mind to edit the roles.xml on the ca and then export the configuration to the ra. ;-)

Michael

--
Dipl.-Inform. Michael Konietzka  Schlund + Partner AG


_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
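
A lint for the role split discussed in this thread, added here as an example and not part of the original messages or of OpenCA: it parses OpenSSL-style profile sections and flags any role whose keyUsage mixes signing and encryption bits. The section layout, the `Mixed` role and the function names are constructed for illustration; `clientAuth` and `emailProtection` are OpenSSL's short names for the two extended usages named in the thread.

```python
# Added example: check that each certificate role keeps signing and
# encryption key usages apart. Profile text below is constructed sample input.
SIGNING = {"digitalSignature", "nonRepudiation"}
ENCRYPTION = {"keyEncipherment", "dataEncipherment", "keyAgreement"}
KNOWN = SIGNING | ENCRYPTION | {"keyCertSign", "cRLSign",
                                "encipherOnly", "decipherOnly"}

PROFILES = """
[ Sign ]
keyUsage = nonRepudiation, digitalSignature
extendedKeyUsage = clientAuth, emailProtection

[ Encrypt ]
keyUsage = keyEncipherment, dataEncipherment, keyAgreement

[ Mixed ]   # deliberately wrong role, to show a finding
keyUsage = critical, digitalSignature, keyEncipherment
"""

def parse_profiles(text):
    """Return {role name: set of keyUsage flags} from INI-like sections."""
    roles, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            roles[current] = set()
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "keyUsage":
                flags = {v.strip() for v in value.split(",")}
                roles[current] |= flags - {"critical", ""}
    return roles

def lint(roles):
    """Return (role, problem) tuples for profiles that break the split."""
    findings = []
    for role, usages in roles.items():
        unknown = usages - KNOWN
        if unknown:
            findings.append((role, "unknown keyUsage: " + ", ".join(sorted(unknown))))
        if usages & SIGNING and usages & ENCRYPTION:
            findings.append((role, "mixes signing and encryption usages"))
        if not usages:
            findings.append((role, "no keyUsage set"))
    return findings

if __name__ == "__main__":
    for role, problem in lint(parse_profiles(PROFILES)):
        print(f"{role}: {problem}")
```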
