Hi,
the RA Token certificate is used to secure SCEP and CMC Traffic, while
there is no real "standard" for this, a regular tls_server certificate
should work with most clients.
Oliver
On 14.10.23 23:53, S W via OpenXPKI-users wrote:
Team,
Can someone describe the correct extensions needed for the RAToken
certificate? I’ve been reading through most of the pki RFCs and the
exact requirements are hard to decipher. Also curious if the RA
Certificate should signed by the Intermediate (ca-signer) and be given
a long lifetime, or if it should be signed by root. Thanks in advance.
I currently have it set for
[ v3_ratoken_extensions ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
extendedKeyUsage = cmcRA, digitalSignature
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
