Hi, > ... maybe I wished to install more than 3 certificates beside the SigG > one. Tharts the reason why I'm asking. I think, this "problem" is worth > thinking about it. With the M$-CA (which i really dont like :o)) it's > possible to issue several certs for the same keypair.
OK, understood. > But I understand .... major changes needs majopr amounts of time. I will > have a look at the code, think, have some nice perl skills myself, can > you point me to the right files ? It's not that complicated. Try the attached patches in lib/cmds and add the keyword AllowPublicKeyReuse "YES" in your etc/servers/ra.conf.template. Don't forget to re-run configure-etc.sh Completely untested, but might work. Of course you have to accept and understand the security implications of reusing keys and issuing multiple certs for one key pair, which may be worth thinking about even with SmartCards. cheers Martin
approveCSR.patch
Description: Binary data
approveCSRnotSigned.patch
Description: Binary data
