References
References
RFCs
- RFC 5280 - Certificate and CRL profile, replaces RFC 3280
- RFC 3280 - Certificate and CRL profile
- RFC 2253 - DN string representation
- RFC 2560 - OCSP
- RFC 2256 - X.500(96) User Schema for use with LDAPv3
- RFC 2818 - HTTP Over TLS
- RFC 2595 - Using TLS with IMAP, POP3 and ACAP
- RFC 4945 - IP Security PKI Profile
- RFC 5055 - Server-Based Certificate Validation Protocol (SCVP)
MySQL
MySQL: Create ALTER-scrips automatically to upgrade database from old version to latest development version: http://www.mysqldiff.org/
Swedish characters in Java/Jboss
Add the following options to the JVM by modifying JAVA_OPTIONS in run.sh/cmd.
-Duser.region=SE -Duser.language=sv -Dfile.encoding=ISO-8859-1
Netscape/Mozilla Key Generation
For Netscape/Mozilla to be able to verify client certificates the CA-certificates must have the extensions BasicConstraints and AuthorityKeyIdentifier. Client certificates also need AuthorityKeyIdentifier
There is new key generation using javascript, generating a CRMF request:
JavaScript crypto.
Microsoft Internet Explorer Key Generation
For MSIE to verify client certs, the ordering in the DN must be strictly the same in both client and CA certs. Possibly that it must also be in a specific order.
There is some bug that required a "nocache" meta tag to eliminate duplicate sending of certificate request. This duplicate sending will result in wrong behaviour, since user status will be wrong.
<HEAD> <META HTTP-EQUIV="Pragma" CONTENT="no-cache" > <META HTTP-EQUIV="Expires" CONTENT="-1" > </head>
Microsoft Knowledge Base documents
- q281245 - Guidelines for Enabling Smart Card Logon with Third-Party Certification Authorities
- q291010 - Requirements for Domain Controller Certificates from a Third-Party CA
- Certificate templates
- Using the Certificate Enrollment Control Properties
- Creating Certificate Requests Using the Certificate Enrollment Control and CryptoAPI