RE: [db-wg] Re: [ncc-services-wg] X.509 authentication in the RIPE Database

["Sanjaya" <]

> On söndag, jul 13, 2003, at 10:48 Europe/Stockholm, Kurt Erik 
> Lindqvist 
> wrote:
> 
> >> In APNIC we use X.509 certificate to secure MyAPNIC (similar to LIR
> >> Portal). Having X.509 auth in the whois db would make a better
> >> integration with this facility.
> >
> > Is this then being widely used? No issues with client support and
> > configurations?
> 
> Do you have your own root-CA, or do you use someone else? If you have 
> your own, how do you distribute the certificate?
> 
>     paf

Hi Patrik,
Yes we run our own root-CA, and the first step is for the client
to install APNIC root CA in its trusted root store.

We're using the OpenCA software (www.openca.org) and modify
it to suit our purpose. When we issue a certificate, an e-mail
containing download url + instruction is sent to the requestor.

Cheers,
Sanjaya