You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the initial implementation, lightweight sub-CAs sign OCSP
responses with the CA signing certificate.
It should be possible to configure (at creation time) a lightweight
sub-CA to delegate OCSP signing to a dedicated, subordinate OCSP
signing certificate. This will involve:
update API and CLI to have option to specify whether OCSP delegation
should be used, and register the choice with the subCA config.
generating an additional keypair for OCSP signing and ensure the private
key is replicated among replica
create request and sign the OCSP signing certificate
update OCSP responder and/or CertificateAuthority class to, for subCAs using
OCSP delegation, instantiate a SigningUnit for OCSP and use it when signing
OCSP requests.
The text was updated successfully, but these errors were encountered:
This issue was migrated from Pagure Issue #1337. Originally filed by ftweedal (@frasertweedale) on 2015-04-08 09:57:50:
In the initial implementation, lightweight sub-CAs sign OCSP
responses with the CA signing certificate.
It should be possible to configure (at creation time) a lightweight
sub-CA to delegate OCSP signing to a dedicated, subordinate OCSP
signing certificate. This will involve:
update API and CLI to have option to specify whether OCSP delegation
should be used, and register the choice with the subCA config.
generating an additional keypair for OCSP signing and ensure the private
key is replicated among replica
create request and sign the OCSP signing certificate
update OCSP responder and/or CertificateAuthority class to, for subCAs using
OCSP delegation, instantiate a SigningUnit for OCSP and use it when signing
OCSP requests.
The text was updated successfully, but these errors were encountered: