[kmf-discuss] signing/verifying certificates with pktool(1)
Jan Pechanec
Jan.Pechanec at Sun.COM
Tue Jan 8 06:01:49 PST 2008
On Tue, 8 Jan 2008, Wyllys Ingersoll wrote:
>> I guess that specifying the policy is exactly what you don't want to
>> do, right?
>>
>> would it use CRL or OCSP responder from the certificate extensions?
>> Would specifying any of that as a command line argument make sense? However,
>> it starts looking like that CA application you said would be better to
>> integrate as a whole.
>>
>Oh, I think I misunderstood your "verify" operation. I was just
>assuming it meant to verify
>the signature. You want to also verify the OCSP/CRL issue, so that
>would involve a bit more.
>I think adding a "policy" option would be necessary so pktool knows
>which policy to apply
>before doing the CRL/OCSP requests.
I didn't need it for my testing now. I'm just exploring the
possibilities. Would be interesting to hear more opinions on this subject.
Jan.
--
Jan Pechanec
More information about the kmf-discuss
mailing list