On 06/02/2011 08:04 PM, Mike Helm wrote:
I'm trying to support keygen-provisioned browsers in the RA.
I can do almost everything needed, but I can't figure out how
to get the subject name into the certificate.
I can definitely get the CA to pick up the subject name as
a parameter, but either I am not giving it the right name in the
parameter blob, or something else is amiss. What the CA does
is issue these RA-approved requests with the a subject name the
same as the CA's.
You may try to change policy form "Subject Name Default" to "User
Supplied Subject Name Default" in the profile generating your certificate.
(Non-keygen requests are processed differently and the subject AVAs
should be embedded in the request. It would be nice to be able
to have RA agents edit request subject names before submission, tho.)
You need to customize RA's UI to add subject name components not
provided by current UI.
Help me understand what to do here.
Pki-users mailing list