[Pki-users] keygen support in RA
Mike Helm
helm at fionn.es.net
Fri Jun 3 03:04:45 UTC 2011
I'm trying to support keygen-provisioned browsers in the RA.
I can do almost everything needed, but I can't figure out how
to get the subject name into the certificate.
I can definitely get the CA to pick up the subject name as
a parameter, but either I am not giving it the right name in the
parameter blob, or something else is amiss. What the CA does
is issue these RA-approved requests with the a subject name the
same as the CA's.
(Non-keygen requests are processed differently and the subject AVAs
should be embedded in the request. It would be nice to be able
to have RA agents edit request subject names before submission, tho.)
Help me understand what to do here.
Thanks, ==mwh
Michael Helm
ESnet/LBNL
More information about the Pki-users
mailing list