Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 626 — #652
i
i
i
i
i
i
i
i
Creating or Revoking a Sub-CA
A sub-CA is created in exactly the same way as a root CA, except it is first
necessary to select the CA in which to create the sub-CA is to be created.
After the program starts, select the required CA from the list and click ‘En-
ter CA’. The first time you enter a CA after the program is started, enter the
password, after which you are taken to a dialog in which the key CA in-
formation is displayed (Figure 26.2). Click ‘Extended...’ and select ‘Create
Sub-CA’. This opens the same dialog as for creating a root CA.
Figure 26.2: YaST CA module - using CA
Note
The validity period for a sub-CA must be fully within the va-
lidity period of the “parent” CA. Because a sub-CA is always
created after the “parent” CA, the uncorrected standard value
leads to an error message. To avoid this, enter a permissible
value for the period of validity.
Note
626 26.1. X.509 Certification with YaST