How to use external PKI

Hello,

I have an existing PKI outside of Djigzo. So I've created a Sub-CA and imported this CA incl. SKs into Djigzo. As far as I understood the documentation, Djigzo does not support CRL-Generation, but the Documentation recommends using a full-blown CA like EJBCA instead.
Has anyone ever used Djigzo in such a scenario? What is the recommended way to issue and to revoke certificates? I came up with the idea of writing an additional RequestHandler, which uses the EJBCA-API to issue the certificates, but is this necessary?

Kind regards,
Manuel Faux

Djigzo can generate CRLs: click CA and then click on "Create CRL".

Only if you need a more advanced CA, like multiple CAs, use different
key usage, use your own extensions etc. it's better to use an external CA.

Kind regards,

Martijn

On 04/20/2011 07:57 PM, Manuel Faux wrote:

Hello,

I have an existing PKI outside of Djigzo. So I've created a Sub-CA and imported this CA incl. SKs into Djigzo. As far as I understood the documentation, Djigzo does not support CRL-Generation, but the Documentation recommends using a full-blown CA like EJBCA instead.
Has anyone ever used Djigzo in such a scenario? What is the recommended way to issue and to revoke certificates? I came up with the idea of writing an additional RequestHandler, which uses the EJBCA-API to issue the certificates, but is this necessary?

--
Djigzo open source email encryption

Ok, in this case I misunderstood the documentation. It only states that CRLs for CA and Sub-CAs are not implemented.

Thanks for your answer.

Kind regards,
Manuel Faux

-----Original Message-----
From: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] On Behalf Of Martijn Brinkers
Sent: Wednesday, April 20, 2011 8:27 PM
To: users(a)lists.djigzo.com
Subject: Re: How to use external PKI
