(hx509.info.gz) Issuing certificates
Info Catalog
(hx509.info.gz) Creating a CA certificate
(hx509.info.gz) Top
(hx509.info.gz) Issuing CRLs
3.2 Issuing certificates
========================
First you'll create a CA certificate, after that you have to deal with
your users and servers and issue certificate to them.
CA can generate the key for the user.
Can receive PKCS10 certificate requests from the users. PKCS10 is a
request for a certificate. The user can specified what DN the user wants
and what public key. To prove the user have the key, the whole request
is signed by the private key of the user.
3.2.1 Name space management
---------------------------
What people might want to see.
Re-issue certificates just because people moved within the organization.
Expose privacy information.
Using Sub-component name (+ notation).
3.2.2 Certificate Revocation, CRL and OCSP
------------------------------------------
Sonetimes people loose smartcard or computers and certificates have to
be make not valid any more, this is called revoking certificates. There
are two main protocols for doing this Certificate Revocations Lists
(CRL) and Online Certificate Status Protocol (OCSP).
If you know that the certificate is destroyed then there is no need to
revoke the certificate because it can not be used by someone else.
The main reason you as a CA administrator have to deal with CRLs however
will be that some software require there to be CRLs. Example of this is
Windows, so you have to deal with this somehow.
Info Catalog
(hx509.info.gz) Creating a CA certificate
(hx509.info.gz) Top
(hx509.info.gz) Issuing CRLs
automatically generated byinfo2html