( Issuing certificates

Info Catalog ( Creating a CA certificate ( Top ( Issuing CRLs
 3.2 Issuing certificates
 First you'll create a CA certificate, after that you have to deal with
 your users and servers and issue certificate to them.
 CA can generate the key for the user.
 Can receive PKCS10 certificate requests from the users. PKCS10 is a
 request for a certificate. The user can specified what DN the user wants
 and what public key. To prove the user have the key, the whole request
 is signed by the private key of the user.
 3.2.1 Name space management
 What people might want to see.
 Re-issue certificates just because people moved within the organization.
 Expose privacy information.
 Using Sub-component name (+ notation).
 3.2.2 Certificate Revocation, CRL and OCSP
 Sonetimes people loose smartcard or computers and certificates have to
 be make not valid any more, this is called revoking certificates. There
 are two main protocols for doing this Certificate Revocations Lists
 (CRL) and Online Certificate Status Protocol (OCSP).
 If you know that the certificate is destroyed then there is no need to
 revoke the certificate because it can not be used by someone else.
 The main reason you as a CA administrator have to deal with CRLs however
 will be that some software require there to be CRLs. Example of this is
 Windows, so you have to deal with this somehow.
Info Catalog ( Creating a CA certificate ( Top ( Issuing CRLs
automatically generated byinfo2html