Re: how to bring a CA into directory
Klaus Lemkau wrote:
we have a standalone e-mail-CA and want to bring
it in our LDAP-directory (LDAP v2 schema).
Now the question is, what ObjectClass to use.
When we use the objectclass certificationAuthority
we also need an 'authorityRevocationList'.
Why not use objectclass 'pkiCA' as defined in RFC2587?
Or you can define your own CA objectclass as we have done as SUP of pkiCA.
- is the objectClass certificationAuthority
also designed for standalone CAs ?
You can use objectclasses and attributes wherever you want (but make
sure you got a unique OID). So why not use for standalone CAs.
- who signs an authorityRevocationList
( a CA which has signed sub-CAs ) ?
Usually a CA signs the ARL, which contains a list of revoked subordinate
CA certificates. The question 'who signs the revoked Root CA
certificate' is still the Gretchenfrage (sorry, I don't know the
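
An added example, not part of the original messages: a small check of which attributes a standalone CA entry would be missing under each object class discussed in this thread. The certificationAuthority and pkiCA definitions are the ones from RFC 2256 and RFC 2587; the class name exampleMailCA, its OID placeholder and the sample entry are hypothetical and constructed for illustration.

```python
import re

# Object class definitions in RFC 2252 schema syntax. The first two follow
# RFC 2256 and RFC 2587; the third is a hypothetical site-defined subclass.
SCHEMA = [
    "( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY "
    "MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) "
    "MAY crossCertificatePair )",
    "( 2.5.6.22 NAME 'pkiCA' SUP top AUXILIARY "
    "MAY ( cACertificate $ certificateRevocationList $ "
    "authorityRevocationList $ crossCertificatePair ) )",
    "( YOUR-OID-HERE NAME 'exampleMailCA' SUP pkiCA AUXILIARY MUST cACertificate )",
]

def parse(defn):
    """Return (lowercased class name, {'sup', 'must', 'may'}) for one definition."""
    def attrs(keyword):
        m = re.search(keyword + r" (?:\(([^)]*)\)|(\w+))", defn)
        if not m:
            return set()
        return {a.strip().lower() for a in (m.group(1) or m.group(2)).split("$")}
    name = re.search(r"NAME '([^']+)'", defn).group(1).lower()
    sup = re.search(r"SUP (\w+)", defn).group(1).lower()
    return name, {"sup": sup, "must": attrs("MUST"), "may": attrs("MAY")}

CLASSES = dict(parse(d) for d in SCHEMA)

def required(object_class):
    """Collect MUST attributes of a class and of every superclass up to top."""
    oc, must = object_class.lower(), set()
    while oc != "top":
        must |= CLASSES[oc]["must"]
        oc = CLASSES[oc]["sup"]
    return must

def missing(entry):
    """List required attributes absent from an entry (options like ;binary ignored)."""
    present = {a.split(";")[0].lower() for a in entry}
    need = set()
    for oc in entry["objectClass"]:
        if oc.lower() in CLASSES:
            need |= required(oc)
    return sorted(need - present)

def standalone_ca(aux_class):
    """Constructed entry for a CA that holds only its own certificate."""
    return {"objectClass": ["top", "organizationalUnit", aux_class],
            "ou": ["Mail CA"],
            "cACertificate;binary": [b"constructed placeholder, not a real certificate"]}

if __name__ == "__main__":
    for oc in ("certificationAuthority", "pkiCA", "exampleMailCA"):
        print(oc, "-> missing:", missing(standalone_ca(oc)))
```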