Re: [Pki-users] keygen support in RA

We're good. My colleague, who understands the CA& the profile framework, added a subject parameter& extended the profile we were using; I added this parameter to the package I was posting to the CA, so the CA now picks up the right subject name and signs good certificates. I believe the UI on the CA will support keygen platforms, but the RA wasn't doing this. The CA may not support them well or completely but I think it supported the one that is the most important to us (Safari on MacOS).

The RA didn't, tho, which was not good. I need to do some housecleaning before I provide a patch. I think the things we did could be generalized but at the moment we are only interested in some very basic certificate attributes& that is probably as much as I will do. I would certainly like to have a review& advice on the best way to do this - more in a few weeks. Thanks, ==mwh Michael Helm ESnet/LBNL