On Oct 9, 2007, at 2:12 PM, Lippold, Aaron L CIV DISA PEO-GES wrote:
Two questions, first, which conf file holds the OCSP responder hostname that I want my cert to validate to and can I use more than one? Second, has anyone set up CRLs yet and have some docs on it? I need to add that to the OSSG / PKI docs for the Linux setup stuff.
I don't think that's supported in NSS at the moment. IIRC, NSS requires the OCSP URI in the AIA field. Bob can say for certain.
I *think* I still have an open bug @ Mozilla on it, but it's been a while since I checked.
Also note that I believe that proxy support for OCSP is still missing in NSS. This is fixed in Firefox & Thunderbird, but only because both of these applications (which embed NSS) have their own URL handler, and the quick fix was to allow an embedding application to register a URL handler callback. This won't work with pam_pkcs11 since it doesn't have a URL handler to register.
-- Tim
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
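The reply above recalls that NSS takes the OCSP responder location from the certificate's AIA (Authority Information Access) field rather than from a configuration file. As an added example (not code from this thread, NSS or pam_pkcs11), the following parses the DER value of an AIA extension as defined in RFC 5280 and reports whether it carries an OCSP responder URI. The function names and the sample bytes with their `.example` URLs are constructed for illustration.

```python
OID_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp, 1.3.6.1.5.5.7.48.1
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers, 1.3.6.1.5.5.7.48.2

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def ocsp_uris(aia_der):
    """List the OCSP responder URIs in an AuthorityInfoAccess extension value."""
    tag, body, end = read_tlv(aia_der, 0)
    if tag != 0x30 or end != len(aia_der):
        raise ValueError("AIA must be a single SEQUENCE")
    uris, pos = [], 0
    while pos < len(body):
        tag, desc, pos = read_tlv(body, pos)
        if tag != 0x30:
            raise ValueError("AccessDescription must be a SEQUENCE")
        m_tag, method, p = read_tlv(desc, 0)       # accessMethod (OID)
        l_tag, location, _ = read_tlv(desc, p)     # accessLocation (GeneralName)
        # 0x86 is GeneralName [6] uniformResourceIdentifier, an IA5String
        if m_tag == 0x06 and method == OID_OCSP and l_tag == 0x86:
            uris.append(location.decode("ascii"))
    return uris

def tlv(tag, value):
    """Encode a short-form DER element; used only to build the samples below."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed sample extension values, not taken from any real certificate.
AIA_WITH_OCSP = tlv(0x30,
    tlv(0x30, tlv(0x06, OID_CA_ISSUERS) + tlv(0x86, b"http://ca.example/ca.crt")) +
    tlv(0x30, tlv(0x06, OID_OCSP) + tlv(0x86, b"http://ocsp.example/")))
AIA_WITHOUT_OCSP = tlv(0x30,
    tlv(0x30, tlv(0x06, OID_CA_ISSUERS) + tlv(0x86, b"http://ca.example/ca.crt")))
```

An empty result from `ocsp_uris` means the certificate names no responder in its AIA field, which is the case the original question about a configuration file would have to cover.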