[Djigzo users] How to use external PKI
Manuel.Faux at securesolutions.at
Wed Apr 20 20:33:31 CEST 2011
Ok, in this case I misunderstood the documentation. It only states that CRLs for CA and Sub-CAs are not implemented.
Thank's for your answer.
From: users-bounces at lists.djigzo.com [mailto:users-bounces at lists.djigzo.com] On Behalf Of Martijn Brinkers
Sent: Wednesday, April 20, 2011 8:27 PM
To: users at lists.djigzo.com
Subject: Re: [Djigzo users] How to use external PKI
On 04/20/2011 07:57 PM, Manuel Faux wrote:
> I have an existing PKI outside of Djigzo. So I've created a Sub-CA and imported this CA incl. SKs into Djigzo. As far I understood the documentation, Djigzo does not support CRL-Generation, but the Documentation recommends using a full-blown CA like EJBCA instead.
> Has anyone ever used Djigzo in such a scenario? What is the recommended way to issue and to revoke certificates? I came up with the idea about writing an additional RequestHandler, which uses the EJBCA-API to issue the certificates, but is this necessary?
Djigzo can generate CRLs, click CA en then click on "Create CRL".
Only if you need a more advanced CA, like multiple CAs, use different key usage, use your own extensions etc. it's better to use an external CA.
Djigzo open source email encryption
More information about the Users