The EJBCA community should try to follow the excellent Ubuntu Code of Conduct.
- RFC 5280 - Certificate and CRL profile, replaces RFC 3280
- RFC 3280 - Certificate and CRL profile
- RFC 2253 - DN string representation
- RFC 2560 - OCSP
- RFC 5019 - Lightweight OCSP Profile
- RFC 2256 - X.500(96) User Schema for use with LDAPv3
- RFC 2616 - HTTP/1.1
- RFC 2818 - HTTP Over TLS
- RFC 2396 - URI Generic Syntax
- RFC 2595 - Using TLS with IMAP, POP3 and ACAP
- RFC 4945 - IP Security PKI Profile
- RFC 5055 - Server-Based Certificate Validation Protocol (SCVP)
- RFC 4387 - Certificate Store Access via HTTP
MySQL: Create ALTER-scrips automatically to upgrade database from old version to latest development version: http://www.mysqldiff.org/
Add the following options to the JVM by modifying JAVA_OPTIONS in run.sh/cmd.
-Duser.region=SE -Duser.language=sv -Dfile.encoding=ISO-8859-1
For Firefox to be able to verify client certificates the CA-certificates must have the extensions BasicConstraints and AuthorityKeyIdentifier. Client certificates also need AuthorityKeyIdentifier
For MSIE to verify client certs, the ordering in the DN must be strictly the same in both client and CA certs. Possibly that it must also be in a specific order.
There is some bug that required a "nocache" meta tag to eliminate duplicate sending of certificate request. This duplicate sending will result in wrong behaviour, since user status will be wrong.
<HEAD> <META HTTP-EQUIV="Pragma" CONTENT="no-cache" > <META HTTP-EQUIV="Expires" CONTENT="-1" > </head>
Microsoft Knowledge Base documents
- q281245 - Guidelines for Enabling Smart Card Logon with Third-Party Certification Authorities
- q291010 - Requirements for Domain Controller Certificates from a Third-Party CA
- Certificate templates
- Using the Certificate Enrollment Control Properties
- Creating Certificate Requests Using the Certificate Enrollment Control and CryptoAPI
- Lab 5.3.2 - Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel with CA support