WG co-chair hat OFF
Steve,
I wonder if you wiould mind forwarding on such configuration details
to this list?
Also, this appears to require a documentation change in the res-cert
draft - is that that case? If so what alternate wording is required
for the Issuer and subject name section?
regards,
Geoff
WG co-chair hat OFF
On 10/11/2009, at 11:30 AM, Stephen Kent wrote:
Tim Polk asked David Cooper (a NIST colleague) to check on the
question that was raised during our meeting yesterday morning. The
question was whether, if we require Subject and Issuer names in X.
509 certs to be either just a CN or a CN plus a serialNumber (as a
set), one could use commonly available CA software generate certs.
The answer is that both OpenSSL and an NSS can do this. OpenSSL
required some configuration effort, but David provided the details
of the config params in his response!
I will check with someone who knows about OpenCA, to see what they
say.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
