the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
for more information.
-=item B<nameopt>, B<certopt>
+=item B<name_opt>, B<cert_opt>
these options allow the format used to display the certificate details
when asking the user to confirm signing. All the options supported by
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
- nameopt = ca_default # Subject name display option
- certopt = ca_default # Certificate display option
+ name_opt = ca_default # Subject name display option
+ cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
to rebuild the index file from all the issued certificates and a current
CRL: however there is no option to do this.
-V2 CRL features like delta CRL support and CRL numbers are not currently
-supported.
+V2 CRL features like delta CRLs are not currently supported.
Although several requests can be input and handled at once it is only
possible to include one SPKAC or self signed certificate.
numbers of certificates are present because, as the name implies
the database has to be kept in memory.
-It is not possible to certify two certificates with the same DN: this
-is a side effect of how the text database is indexed and it cannot easily
-be fixed without introducing other problems. Some S/MIME clients can use
-two certificates with the same DN for separate signing and encryption
-keys.
-
The B<ca> command really needs rewriting or the required functionality
exposed at either a command or interface level so a more friendly utility
(perl script or GUI) can handle things properly. The scripts B<CA.sh> and