I've been working on getting some documents and files together to make an easy installation of OpenCA. Here is what I've got so far. I realize it isn't setting things up in the most secure fashion, but I'm hoping to help folks get past the initial steps before getting more complicated.
I'd appreciate any comments or pointers about what might be wrong or unclear in this document.
*** Hi,
It looks like installation all nodes on one machine in one web server. I think it would be better to make installation steps for installing some nodes on separate machines (or at least separate virtual hosts to emulate different machines).
I tried to make all nodes (CA, RA, pub and LDAP) in different location (/data/openca-ca, /data/openca-ra etc) and use different hostnames and virtual hosts in apache. In 0.9.1-8 this is a little problem because somethimes there are absolute links on the same machine for different node (eg. on node in navbar.html there are links to /ca/, /ra/, /pub/, /ldap/ without hostname, but if CA, RA and PUB are on different machines, this doesn't work) and somethimes full URL (in confirm_cert_sign.msg.in link to https://@httpd_host@@httpd_port@). The only web server hostname I can enter in --with-web-host= configure switch, but is it web host of CA, RA or PUB node? Maybe there should be more switches for each possible node (CA, RA, PUB, LDAP) and in source HTML and TXT sheets there should be full URL links.
I hope I understood every switch correct. I made some mod_rewrite rules in apache virtual hosts to run it correctly (https://openca-ra/ca/ -> https://openca-ca/ca/ etc.) and it looks fine, only many click about receiving certificates from apache.
I have tested openca-0.9.2 for a while - is there any chance to solve this inside of installation process or have I to do the same URL rewriting?
Bye.
Robert Wolf.
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
