The OpenCA Book: A guide to OpenCA, the Open Certification Authority | ||
---|---|---|
Prev | Chapter 4. The structure of OpenCA | Next |
The Public Servers, or the servers that the users actually have access to, are securely–configured servers that are used to ask for Certificates, deliver them and so on. This is the only entry point to the CA infrastructure, from the hostile Internet.
While perusing the source code, you will see the local Secure RA servers to be described as RAOperators.
Note: The content of this section is subject to change in the future.
This allows the user to import the Certificate of the Certification Authority into her browser. This is a very basic and important procedure and normally takes place only once in the life–time of the Certification Authority Certificate. In other documentation you will see this Certificate to be described as Root Certificate. It is the starting point to enable the client to communicate securely with the Certification Authority.
This leads to the Certificate Revocation List page. Here, the Certificate Revocation List, produced by the Certification Authority, will be imported into the browser or other application.
OpenCA's Certificate Revocation List (DER format)
With this option, a browser–importable Certificate Revocation List is generated to be automaticaly included in the CRL list of the browser. The CRL is in the DER format.
OpenCA's Certificate Revocation List (PEM format)
With this option, the Certificate Revocation List is generated into the PEM format. Similar to above.
OpenCA's Certificate Revocation List (TXT format)
With this option, the Certificate Revocation List is generated into text format. The file generated by this command can be very big.
Initiate the procedure to request a certificate.
This allows the user to retrieve her issued certificate and subsequently import it to the application. The user has received the notification e–mail from the Registration Authority and is prompted with intructions to retrieve the Certificate. In the e–mail, there is a serial number of the Certificate that has to be presented to the RAOperator in order to retrieve the Certificate. The serial number serves as an identification as to which Certificate will be retrieved. It is not used for authentication purposes.
With this option, a list of the issued certificates of this Certification Authority is presented.