Martin Bartosch
Martin Bartosch
Precondition: CA passphrase protected by single passphrase (method: plain). On the GUI try to unlock the secret group. Unlocking always fails with the later commits. The same configuration worked fine...
Detect if datavault is available/configured and automatically disable WF options requiring datavault
Although OpenXPKI can work without a datavault certificate, the standard configuration assumes that it exists. It displays a warning if this is not the case but still offers the WF...
In order to support the successors of PKCS#1 1.5 OpenXPKI should be able to use PSS and OAEP padding when creating certificates. Suggestion for configuration layout and implementation hints: ```...
Migrated from sf.net, bug 58: After inserting a certificate with a subject with an escaped comma (e.g. 'CN=Foo,O=Acme\, Inc'), searching for this subject with $dbi->select() on a MySQL database produces...
This change request would change semantics, but not logic of the enrollment interface configuration. The current default "profile" definition in the enrollment configuration is confusing IMO: ``` profile: cert_profile: tls_server...
OpenXPKI already computes a system status based on the availability of infrastructure keys and other information. The validity of an EE certificate must be within the validity of all higher...
The token API is loaded based on the configuration in system.crypto.tokenapi.TYPE. However, it is possible to attach a different token type in the crypto token backend configuration. It is currently...
On the backend a new process is spawned for each request. This is a potential performance issue and should be resolved.
In order to simplify certificate deployment for customers the system should provide an overview page that presents all CA Certificates (grouped by CA hierarchy, allowing to download all components of...