1
<!--#set var="pyca_subtitle" value="FAQ"-->
2
<!--#set var="pyca_pagedescription" value="Frequently Asked Questions"-->
3
<!--#include file="ssi/head.html"-->
4
<!--#include file="ssi/navigation.html"-->
9
I have successfully created a certificate request.
10
The file with suffix .spkac or .pem was stored in directory $dir/newreqs.
11
How to issue the certificate?
15
You have to issue the cert manually by invoking "openssl ca"
19
Cert request created with Netscape or Opera:
22
openssl ca -name [name of CA section] -spkac [pathname of CSR.spkac]
25
Cert request created with M$ IE:
28
openssl ca -name [name of CA section] -in [pathname of CSR.pem]
31
This creates the certificate and stores it into newcerts/ as file
33
Call <a href="files.html#ca-cycle-pub.py">ca-cycle-pub.py</a>
34
afterwards and receive e-mail...
39
Do I need LDAP for deploying pyCA?
42
No. pyCA supports uploading certificates to a LDAP server
43
but all data needed is stored in the directory structure
48
How can I store the issued end-entity certificates on a LDAP host?
51
Mainly the certificates will be <em>replicated</em> by
52
<a href="files.html#certs2ldap.py">certs2ldap.py</a> to a
53
LDAP server by searching existing entries and adding the DER-encoded
54
certificate into attribute <em>userCertificate;binary</em>. Expired
55
certificates may be deleted (use carefully!).<br />
56
New LDAP entries will not be created because most times the LDAP
57
directory structure differs from the cert DN structure. It is
58
up to your LDAP admin to create entries for the end entities.
62
How can I store the CA certificates and CRLs on a LDAP host?
65
<a href="files.html#ca2ldif.py">ca2ldif.py</a> can create a LDIF
66
file of you CA cert hierarchy which you can upload to the LDAP
67
server using the usual tools shipped with your LDAP server software.<br />
68
Currently the CRLs are not updated on a regular basis.
72
It seems that during parsing the lines of openssl.cnf an
73
exception is raised. Why is that happening?
76
Please check that the attribute values of single-valued configuration
77
attributes do not contain a comma. A comma is used if a configuration
78
attribute may have multiple values which are delimited by comma.
79
(Frankly the openssl.cnf syntax and my parser suck both.
80
I wouldn't use openssl.cnf for configuration today anymore.)
101
<!--#include file="ssi/footer.html"-->