I will check with someone who knows about OpenCA, to see what they say.
Steve _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
Tim Polk asked David Cooper (a NIST colleague) to check on the
question that was raised during our meeting yesterday morning. The
question was whether, if we require Subject and Issuer names in X.509
certs to be either just a CN or a CN plus a serialNumber (as a set),
one could use commonly available CA software generate certs. The
answer is that both OpenSSL and an NSS can do this. OpenSSL required
some configuration effort, but David provided the details of the
config params in his response!
- [sidr] multi-value distinguished name question Stephen Kent
- Re: [sidr] multi-value distinguished name question Russ Housley
- Re: [sidr] multi-value distinguished name question Stephen Kent
- Re: [sidr] multi-value distinguished name question Geoff Huston
- Re: [sidr] multi-value distinguished name question Stephen Kent
- Re: [sidr] multi-value distinguished name questi... Geoff Huston
