Hello,
we have a standalone e-mail-CA and want to bring
it in our LDAP-directory (LDAP v2 schema).
Now the question is, what ObjectClass to use.
When we use the objectclass certificationAuthority
we also need an 'authorityRevocationList'.
Why not use objectclass 'pkiCA' as defined in RFC2587? Or you can define your own CA objectclass as we have done as SUP of pkiCA.
- is the objectClass certificationAuthority
also designed for standalone CAs ?
You can use objectclasses and attributes wherever you want (but make sure you got a unique OID). So why not use it for standalone CAs?
- who signs an authorityRevocationList ( a CA which has signed sub-CAs ) ?
Usually a CA signs the ARL, which contains a list of revoked subordinate CA certificates. The question 'who signs the revoked Root CA certificate' is still the Gretchenfrage (sorry, I don't know the English equivalent)
--
Armin Wenz
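
The object class choice discussed above, as an added example that is not part of the original message: a small check of which MUST attributes a standalone CA entry lacks under certificationAuthority (X.521) versus pkiCA (RFC 2587). The class exampleMailCA and the sample entry are hypothetical, and structural/auxiliary rules are not modelled.

```python
# MUST/MAY sets follow X.521 (certificationAuthority) and RFC 2587 (pkiCA).
SCHEMA = {
    "top": {"sup": None, "must": {"objectclass"}},
    "certificationauthority": {
        "sup": "top",
        "must": {"authorityrevocationlist", "certificaterevocationlist",
                 "cacertificate"},
    },
    # pkiCA lists all four CA attributes as MAY, so nothing is mandatory.
    "pkica": {"sup": "top", "must": set()},
    # Hypothetical site-defined class, SUP of pkiCA as suggested in the reply.
    "examplemailca": {"sup": "pkica", "must": {"cacertificate"}},
}


def required_attrs(object_class):
    """Collect the MUST attributes of a class and all of its superiors."""
    must, name = set(), object_class.lower()
    while name is not None:
        must |= SCHEMA[name]["must"]
        name = SCHEMA[name]["sup"]
    return must


def missing_must(entry):
    """Return the sorted MUST attributes an entry (attr -> values) lacks."""
    # Attribute names are case-insensitive; drop options such as ";binary".
    present = {a.split(";", 1)[0].lower() for a, v in entry.items() if v}
    needed = set()
    for oc in entry.get("objectClass", []):
        needed |= required_attrs(oc)
    return sorted(needed - present)


def with_class(entry, object_class):
    """Copy of the entry carrying the given object class."""
    return {**entry, "objectClass": ["top", object_class]}


# Constructed sample: a standalone CA with a certificate and CRL but no ARL.
STANDALONE_CA = {
    "cn": ["Example Mail CA"],
    "cACertificate;binary": [b"<DER bytes>"],
    "certificateRevocationList;binary": [b"<DER bytes>"],
}

if __name__ == "__main__":
    for oc in ("certificationAuthority", "pkiCA", "exampleMailCA"):
        print(oc, "missing:", missing_must(with_class(STANDALONE_CA, oc)))
```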