RFC 2511 defines ASN.1 syntax for putting multiple certificate requests into one message:

    CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg

    CertReqMsg ::= SEQUENCE {
        certReq   CertRequest,
        pop       ProofOfPossession  OPTIONAL,
        -- content depends upon key type
        regInfo   SEQUENCE SIZE(1..MAX) of AttributeTypeAndValue OPTIONAL }

It is also possible to concatenate several PEM-encoded requests into one text file. However, the OpenSSL ca command does not seem to support such syntax. man ca says:

    -in filename
        an input filename containing a single certificate request to be
        signed by the CA.

The question is: how widespread is the use of this syntax? Is there any real-world CA which understands the CertReqMessages sequence?

It seems simple enough to support this syntax on top of the openssl binary, in the scripts which process incoming requests. But is this really necessary, or are there good security reasons to require people who write key generation software to process each certificate request as a separate entity, even if several keys (say, a signature key and a key encipherment key) are generated simultaneously?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
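A sketch of the script-level splitting the post describes, for the concatenated-PEM case only. This is an added example, not code from the original post or from OpenSSL. It assumes a strict policy (no text allowed between blocks), and its DER check is only a framing sanity check: the request's signature still has to be verified separately for each request.

```python
import base64
import re

LABELS = ("CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST")  # PKCS#10 PEM labels
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def der_is_single_sequence(der: bytes) -> bool:
    """True if der is exactly one SEQUENCE TLV with no trailing bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                          # short-form length
        return 2 + der[1] == len(der)
    n = der[1] & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:    # indefinite, oversized, truncated
        return False
    return 2 + n + int.from_bytes(der[2:2 + n], "big") == len(der)

def split_requests(text: str) -> list[str]:
    """Split concatenated PEM requests; raise ValueError on malformed input."""
    requests, label, body = [], None, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = BOUNDARY.match(line)
        if m and m.group(1) == "BEGIN":
            if label is not None or m.group(2) not in LABELS:
                raise ValueError(f"line {lineno}: unexpected {line!r}")
            label, body = m.group(2), []
        elif m:                                # an END line
            if m.group(2) != label:
                raise ValueError(f"line {lineno}: END does not match BEGIN")
            der = base64.b64decode("".join(body), validate=True)
            if not der_is_single_sequence(der):
                raise ValueError(f"line {lineno}: body is not one DER SEQUENCE")
            requests.append("\n".join([f"-----BEGIN {label}-----", *body, line, ""]))
            label = None
        elif label is not None:
            body.append(line)
        else:                                  # strict policy: no stray text
            raise ValueError(f"line {lineno}: text outside a PEM block")
    if label is not None:
        raise ValueError("unterminated PEM block")
    return requests

# Constructed sample: two tiny DER SEQUENCEs standing in for real requests.
SAMPLE = "".join(
    f"-----BEGIN CERTIFICATE REQUEST-----\n{base64.b64encode(d).decode()}\n"
    "-----END CERTIFICATE REQUEST-----\n"
    for d in (b"\x30\x03\x02\x01\x00", b"\x30\x03\x02\x01\x01"))
```

Each string returned by `split_requests` can be written to its own file and passed to the ca command's `-in filename` option, so every request is checked and signed as a separate entity.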