Since I found following comments about OpenSSL, I am not sure if OpenSSL have made any improvement on it in its latest version. What is the current status about CMP development? Please provide some information for it. "The OpenSSL command-line tool even provides all of the functionality required to set up a minimal CA that can be used in a small organization. The OpenSSL command-line tool's CA functionality was originally intended as an example only, but two of the more popular freely available CA packages, OpenCA and pyCA, use it as their function. As of this writing these tools are still fairly immature, and offer very little that the OpenSSL command-line tool doesn't have (LDAP storage is the notable exception). Since OpenSSL's command-line CA functionality was intended primarily as an example of how to use OpenSSL to build a CA, we don't recommend that you attempt to use it in a large production environment. Instead, it should be used primarily as a tool to learn how PKI work and as a starting point for building a real CA with tools designed specifically for use in a production environment." thanks! John
________________________________ From: Yao John-CJY035 Sent: Thursday, October 30, 2008 11:40 AM To: openssl-users@openssl.org; Yao John-CJY035 Subject: Need help on the information for OpeSSL! Importance: High To whom it concerned, I would like to collect some information for OpenSSL. Following is my request, would you please give me feedback? 1. does OpenSSL support RFC2459(X.509 v3 and CRL v2)? 2. does OpenSSL support LDAP as the certificate and CRL storage now? Is there any document about setup LDAP storage for OpenSSL? 3. what kind of functionalities can be provided for CMP in the latest OpenSSL version? which version is it? 4. is there any document about using CMP for the reference? 5. is there any limitation on the maximum number of the signed certificates by CA created by using OpenSSL? thanks John Yao
