Very nice tutorial http://pki-tutorial.readthedocs.org/en/latest/
So the issue is that there is no real certificate management trust system available that handles concurrency issues for a database and works seamlessly with revocation commands and an OCSP responder. For example, using an OCSP responder that is in the know about changes in the status of the list of certs when commands are issued for revocation and when new certs are issued.

OpenSSL is great to issue real-world PKIs and to use the API for cryptographic functions. I am a happy user there. But you have to find something for a secure key store as well as something to track status so that an OCSP can be in the know, manage expiration in this keystore, reissue certs and revoke certs for this key store, and all in the know by an OCSP. Is this true?

I was looking at www.OpenCA.org as they have an OCSP which can integrate with a DB. JKS can be used to securely store keys, but of course I need something to manage expiration of keys auto-magically.

--
View this message in context: http://openssl.6102.n7.nabble.com/openssl-ca-revoke-tp45896p45900.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
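The requirement described in the message above (one status database that revocation commands write to and an OCSP responder reads from, with safe concurrent updates and expiry tracking) can be sketched as follows. This is an added example, not part of the original post and not OpenSSL or OpenCA code; the `CertStatusStore` class, its table layout and the sample certificates are assumptions constructed for illustration.

```python
import sqlite3
import threading
from datetime import datetime, timedelta, timezone

class CertStatusStore:
    """Hypothetical status database: the CA writes to it, the OCSP responder reads it."""
    def __init__(self, path=":memory:"):
        # Autocommit connection shared across threads and serialised by a lock.
        self._db = sqlite3.connect(path, check_same_thread=False, isolation_level=None)
        self._lock = threading.Lock()
        self._db.execute("CREATE TABLE IF NOT EXISTS certs (serial TEXT PRIMARY KEY,"
                         " subject TEXT, not_after INTEGER NOT NULL, revoked_at INTEGER, reason TEXT)")

    def issue(self, serial, subject, not_after):
        with self._lock:
            self._db.execute("INSERT INTO certs VALUES (?, ?, ?, NULL, NULL)",
                             (serial, subject, int(not_after.timestamp())))

    def revoke(self, serial, reason, now):
        # The "revoked_at IS NULL" guard lets exactly one concurrent revocation
        # win, so the first revocation time and reason are never overwritten.
        with self._lock:
            cur = self._db.execute("UPDATE certs SET revoked_at = ?, reason = ?"
                                   " WHERE serial = ? AND revoked_at IS NULL",
                                   (int(now.timestamp()), reason, serial))
            return cur.rowcount == 1

    def ocsp_status(self, serial):
        # The three certificate states an OCSP response can carry (RFC 6960).
        with self._lock:
            row = self._db.execute("SELECT revoked_at FROM certs WHERE serial = ?",
                                   (serial,)).fetchone()
        if row is None:
            return "unknown"
        return "revoked" if row[0] is not None else "good"

    def expiring(self, now, within):
        # Non-revoked certificates that expire inside the window: reissue candidates.
        limit = int((now + within).timestamp())
        with self._lock:
            rows = self._db.execute("SELECT serial FROM certs WHERE revoked_at IS NULL"
                                    " AND not_after <= ? ORDER BY not_after", (limit,)).fetchall()
        return [r[0] for r in rows]

def demo():
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    store = CertStatusStore()
    store.issue("01", "CN=web.example", now + timedelta(days=10))
    store.issue("02", "CN=mail.example", now + timedelta(days=400))
    won = []
    workers = [threading.Thread(target=lambda: won.append(store.revoke("02", "keyCompromise", now)))
               for _ in range(8)]
    for t in workers: t.start()
    for t in workers: t.join()
    return won.count(True), store.ocsp_status("02"), store.ocsp_status("03"), store.expiring(now, timedelta(days=30))
```

Calling `demo()` races eight revocation requests for the same serial; only one succeeds, and a responder reading the same store sees the change immediately.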