Menu
▾
▴
Re: [Ejbca-develop] PKI Tools - hide the complexity
|
From: Tomas G. <to...@pr...> - 2003-05-09 06:59:49
|
Hi, I just noticed that I had the wrong email adress subscribed to=20 ejbca-develop f=F6r 2 weeks, fixed that now... Today is only supported rootCA | subCA The limitation lies in where the chain is built to be returned to=20 clients, and also where keystores are created (PKCS12, JKS, etc). The=20 chain should be general to support any depth of the hierarchy, it=20 requires correct ordering which can be a bit cumbersome. At least it was=20 easier with only two from the beginning. The createCertificate methods in RSASignSession bean that could want som=20 additions are the ones taking a Certificate or PKCS10 as input. With=20 this input we would really like to extract the extensions from the=20 cert/pkcs10 and use as a template (only where allowed off-course) when=20 creating the real cert. Regards, Tomas > On Tuesday 06 May 2003 10:52, Justin Wood wrote: >=20 >>Hi, All >> >>I see these two items in the TODO: >> >>"- Add support for deeper hierarchies than 2 levels of CAs (today only = root >>and CA). >>... >>- Complete implementation of createCertificate() method in SignSessionB= ean" >> >>Would somone please explain the requirements in greater details for the >>first and then describe what is missing in SignSessionBean. >> >>Thanks and regards >>Justin |
