Hello Oliver,
in our case we needed two things concerning the LDAP
a) to hang the certificate and its serial number under the user entry in
LDAP and not as a different entry, so we also added the attribute
serialNumber.
b) to translate the dn from the certificate to the corresponding LDAP dn
(ui
Martin Bartosch wrote:
I have implemented a caching mechanism that stores a successful
infrastructure and key-online check of the HSM, but this is
basically useless because a new instance seems to be created
for each private key operation. So the infrastructure check
is always performed.
We fo
Hi,
I am trying to fix Johnny's problem with long certificate issuance
duration when using the nCipher token module.
I have implemented a caching mechanism that stores a successful
infrastructure and key-online check of the HSM, but this is
basically useless because a new instance seems to be crea
Massimiliano Pala wrote:
Ok, so what I should do is to have a new "default" token in the token.xml
file and leave the CA token as it is. Therefore the default token will be
used for all operations that are not related to the CA key, right?
Yes, this is exactly the idea.
Michael
--
___
Martin Bartosch wrote:
[...]
I'd suggest to configure the CA token to use the HSM, that way you can
use HSM protected key for certificate and CRL issuance.
The default token could be configured to use the OpenSSL (software)
module but use the OpenSSL -engine option for genrsa to utilize the
hardw
Michael Bell wrote:
Hi,
[...]
Ok, so the token works.
Well... more or less... sometimes it does not create the reference
key file... but it will work soon...
Ok, so what I should do is to have a new "default" token in the token.xml
file and leave the CA token as it is. Therefore the default
Hi,
> Anyway I have a problem when it comes to the CA/RA Operator's certificates
> and KeyPairs. I would like not to use the HSM partition (i.e. generate the
> Key within the HSM) for RA/CA because due to configuration options, it
> could be impossible to export them. Therefore I need a way to use
Hi,
Massimiliano Pala wrote:
I am trying to integrate a new HSM with OpenCA - it is from ERACOM
(somebody has already experience with OrangeServer?). I have created a
new OpenCA::Token called ERACOM and I have successfully used the
Key/Certificate creation process.
Ok, so the token works.