CPM (Certificate Profile Maker) README
                                                        Ver. 0.2
                                                        2001.12.03

1. What is CPM? 
2. Distribution
3. How to install
4. Contact Information
----------------------------------------------------------------------

1. What is CPM? 

CPM is a CGI-program package for making a certificate profile in XML
format. It simultaneously produces a sample X.509 certificate in XML
format according to the certificate profile. 
CPM supports almost all of the standard extensions defined in RFC2459.
You can specify certificate profile without knowing the detail of the
data structures of each field defined in RFC2459.

You can edit the certificate profile and the sample X.509 certificate
in XML by hand:). Please note that CPM is a cryptography-free package,
therefore the signature verification of the sample X.509 certificate
will almost always fail.

CPM conforms to the X.509 DTD(Document Type Definition) included in
the IBM's XML Security Suite package and the CPM author defined a
certificate profile DTD based on the X.509 DTD. 
Both of those DTDs are included in this version of the package.

You can convert the sample X.509 certificate created by CPM
to ASN.1 format with a XML <-> ASN.1 translator named 
"UnlabelX509Cert" which can be executed with IBM's XML Security Suite 
package .
The UnlabelX509Cert program is included in the "tips" directory of 
the CPM package, though it will be included in the next release of XML 
Security Suite package.

In the future...

 * Certificate profile in XML format is planned to be used for
   creating a CA configuration file.

 * X.509 certificate in XML format is planned to be used as a
   PKI application programmers' reference for more speedy development. 

**********************************************************************
CPM was developed through Internet2 Certificate Profile format
research activities
.
.
**********************************************************************

2. Distribution

CPM is distributed in tar format. After the package is unpacked,
you should end up with the following directory structure.

 ./README
 ./COPYRIGHT
 ./COPYRIGHT.ICAP
 ./conf/
 ./cgi-bin/
 ./etc/
 ./html/
 ./install
 ./lib/
 ./profiles/
 ./tips/

3. How to install

(1) CPM requires the following softwares. Please confirm that those
    softwares are installed on your machine.

   o Apache 
   o Web browser (Netscape, Internet Explorer etc.)
   o Perl (later ver.4.036)

(2) execute a shell script below:  
   # ./install

(3) answer to some questions about command paths.

Please Enjoy!
This package has worked in the environments below:

   * FreeBSD2.2.8
     Apache 1.3.14
     Netscape Navigator 4.72, 4.78
     Perl 5.005_02

4. Limitations

CPM only support dummy values in printableString or IA5String.
For example, even if you choice UTF8String among string sets on CPM, 
the dummy values in a sample X.509 Certificate don't include 
real UTF8String. In this case, an error occurs when you convert 
XML to ASN.1 with the "UnlabelX509Cert" command.
So please edit the sample XML file and input UTF8String with some 
tools.

5. Acknowledgements

I would like to thank the HEPKI-TAG members of Internet2 Middleware 
Initiative and Takeshi Imamura who is the author of IBM's XML Security Suite
package for co-work and valuable discussions about certificate
profiles. 

6. Contact Information

  NEC Corporation
  Mine Sakurai