[Djigzo users] How to use external PKI

Manuel Faux Manuel.Faux at securesolutions.at
Wed Apr 20 20:33:31 CEST 2011

Ok, in this case I misunderstood the documentation. It only states that CRLs for CA and Sub-CAs are not implemented.

Thank's for your answer.

Kind regards,
Manuel Faux

-----Original Message-----
From: users-bounces at lists.djigzo.com [mailto:users-bounces at lists.djigzo.com] On Behalf Of Martijn Brinkers
Sent: Wednesday, April 20, 2011 8:27 PM
To: users at lists.djigzo.com
Subject: Re: [Djigzo users] How to use external PKI

On 04/20/2011 07:57 PM, Manuel Faux wrote:
> Hello,
> I have an existing PKI outside of Djigzo. So I've created a Sub-CA and imported this CA incl. SKs into Djigzo. As far I understood the documentation, Djigzo does not support CRL-Generation, but the Documentation recommends using a full-blown CA like EJBCA instead.
> Has anyone ever used Djigzo in such a scenario? What is the recommended way to issue and to revoke certificates? I came up with the idea about writing an additional RequestHandler, which uses the EJBCA-API to issue the certificates, but is this necessary?

Djigzo can generate CRLs, click CA en then click on "Create CRL".

Only if you need a more advanced CA, like multiple CAs, use different key usage, use your own extensions etc. it's better to use an external CA.

Kind regards,


Djigzo open source email encryption

More information about the Users mailing list