HI! IMHO it would be very handy... 1. if one could use the command openssl req -name [CA section] to specify the CA definition for which the certificate request is generated. 2. to have a parameter named "req" (similar to "policy") in a CA section to specify a section with the request template (instead of using "openssl req -config" with a separate file which has nothing to do with a CA definition). 3. if the *_default in [ req_distinguished_name ] could be a comma separated list of options, e.g. organizationalUnitName_default = Dept 1.,Administration,Human Resources should only give the possibility to choose from the given options. (pyCA will use this features 2. and 3. ;-) Ciao, Michael. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
