On 10/03/01 09:03 PM, Lukasz Jazgar sat at the `puter and typed:
> Louis LeBlanc wrote:
>
> > . . .
>
> I use iPlanet Webserver. Every instance of this server manages its own
> secure database of keys/certificates. Key pairs are generated internally
> by server and there is no possibility to import them from file.

Seems a little inflexible. There must be a way to import a cert once it is signed by a CA. What format does it expect?

> Yes. It's a solution.
> But, if CA has a policy, which requires, that OU of certificate matches
> OU of CA?

Actually this is the standard method of doing such a thing. I recently had to set up a worldwide secure service with the same CN on all servers. The solution was to set the OU based on the location of the server. All certs were VeriSign signed.

> I rather looking for solution such as special parameter or
> configuration.

Like I said above, that is really what the OU is for.

> If there's no such solution, I have another questions.
> What's wrong in existence of two certificates, which differ only by
> serial number and public key?
> Why one entity cannot have two certificates?

One entity can have two certs, last I remember we had something like 20, but there is no reason to do so unless they have separate purposes. Hence 'Organizational Unit' would describe a unit within the organization that has a different purpose, like serving content from DC, serving content from LA, Miami, Denver, etc. The OU should give you a clue where, how, and possibly why content was served.

HTH
Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net
Katz' Law: Men and nations will act rationally when all other possibilities have been exhausted.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]