> I would like to have a user open a webpage and supply DN info. I would > then like the CGI & client-side scripts to request a certificate from > OpenSSL on the server (Linux) side, return it to the client and have it > imported into the client's (MSIE/Win2K) store.
As an aside, this is exactly what my JSP/java servlet CA "beastmark" is intended to do. It will: - store the certs in a PostgreSQL backend, - generate HTML forms with JSP, making it easy to modify content such as JavaScript and ActiveX controls used on the client side, - 'catch' the forms with Java servlets. Servlets, database triggers, or external applications can handle approvals (moving from 'pending' to 'approved' or 'rejected') status, - publish the results via the standard CA search functions. The database backend is why I've put some effort into defining new PostgreSQL data types and functions. To be really useful you need to have good search capabilities, and a relational database makes this easy. (The other common approach, LDAP, is also covered by using the relational database: make that database the "backend" of the LDAP database.) I had hoped to get the first set of servlets, which handle cert queries, out by today but the sewer line backed up over the weekend. It will hopefully be out within the next few days. This may not solve your immediate needs, but then again it may already have a lot that you can use. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]