Re: Role-based access control (RBAC) system of OpenCA is too strict

Hi Roger,

I think the easiest way would be to:
- enable the SSL (with client optional in Apache)
- add a check in the certificate request command that check for the
   existence of the env variable where the client certificate is
   (be sure to enable only your CA's certificate as a valid CA for
    client auth in Apache).

Let me know if you need help with that..

Ciao,
Max


On 08/19/2010 03:37 PM, RogerImpey wrote:
>
> Hi;
>
> Yes, for requesting host/service certificates and for requesting re-keying
> of user certificates, I wish to have the requests authenticated with the
> requestor's own user certificate.
>
>       Roger


--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                   openca@...
                                                  project.manager@...

Dartmouth Computer Science Dept               Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory                          Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
                                                           -- Isaac Asimov



------------------------------------------------------------------------------
This SF.net email is sponsored by

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev 
_______________________________________________
Openca-Users mailing list
Openca-Users@...
https://lists.sourceforge.net/lists/listinfo/openca-users