IETF is the Internet Engineering Task Force.
- RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, replaces RFC 3280
- RFC 2253 - Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
- RFC 2560 - X.509 Internet Public Key Infrastructure Online Certificate Status Protocol (OCSP)
- RFC 5019 - The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments
- RFC 2256 - A Summary of the X.500(96) User Schema for use with LDAPv3
- RFC 2616 - Hypertext Transfer Protocol -- HTTP/1.1
- RFC 2818 - HTTP Over TLS
- RFC 2396 - Uniform Resource Identifiers (URI): Generic Syntax
- RFC 2595 - Using TLS with IMAP, POP3 and ACAP
- RFC 4945 - The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
- RFC 5055 - Server-Based Certificate Validation Protocol (SCVP)
- RFC 4210 - Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)
- RFC 4211 - Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)
- RFC 4387 - Certificate Store Access via HTTP
- draft-nourse-scep-20 - Cisco Systems' Simple Certificate Enrollment Protocol (SCEP) draft-nourse-scep-20
MySQL: Create ALTER-scrips automatically to upgrade database from old version to latest development version: http://www.mysqldiff.org/
Add the following options to the JVM by modifying JAVA_OPTIONS in run.sh/cmd.
-Duser.region=SE -Duser.language=sv -Dfile.encoding=ISO-8859-1
- KEYGEN - Key Generation
For Firefox to be able to verify client certificates the CA-certificates must have the extensions BasicConstraints and AuthorityKeyIdentifier. Client certificates also need AuthorityKeyIdentifier
For MSIE to verify client certs, the ordering in the DN must be strictly the same in both client and CA certs. Possibly that it must also be in a specific order.
There is some bug that required a "nocache" meta tag to eliminate duplicate sending of certificate request. This duplicate sending will result in wrong behaviour, since user status will be wrong.
<HEAD> <META HTTP-EQUIV="Pragma" CONTENT="no-cache" > <META HTTP-EQUIV="Expires" CONTENT="-1" > </head>
Microsoft Knowledge Base documents
- q281245 - Guidelines for Enabling Smart Card Logon with Third-Party Certification Authorities
- q291010 - Requirements for Domain Controller Certificates from a Third-Party CA
- Creating Certificate Requests Using the Certificate Enrollment Control and CryptoAPI