Hi,
I'm running OpenCA from the cvs dated Oct 22. I will now update to the official release openca_0_9_2_0 today.
I have a single machine running the CA+batch+node on one ip address, and the RA with the rest on another ip address. The have separate install directories, separate databases, and both run with https.
I use a self-signed CA cert generated by OpenCA.
I have a need to generate certs (full OpenCA certs with db and ldap, etc) without using the html interface. The batch processor seems to work for me, but after spending a long time looking at the docs and other information (including this mailing list), I don't see any information that might help me.
I've looked at the scripts in the src/scripts directory (openca-addcert, openca-newcert, etc) but they are out of date and do not work with 0.9.2. They have all the wrong directory layout, and are misssing required arguments to the constructors for OpenCA::OpenSSL. The db stuff only talks to dbm, and doesn't load the config files at all. In fact, I got addcert mostly working, but only after spending a day changing it all around. Nevertheless, these scripts, even when they work, do not produce OpenCA conformant reqs and certs.
The batch processor, on the other hand, seems to do a good job, but it has to be started manually from the batch ui interface. This is not always what I need. I don't mind writing code to run the batch process and supply the required arguments (key passphrases, etc), but there is no desciption as to how that can be done. Has anyone tried this? I need to produce certs without the user inetracting at all with OpenCA. I will generate the required info from somewhere else, and build a batch file from it. Then I need to run the batch process through all the steps automatically. Alternatively, working scripts that are like openca-newcert, etc would also be fine, as long as they produce exactly the same results as a regular OpenCA cert process.
Another alternative would be documentation that describes how to handle the entire process with emphasis on what parameters need to be set in the reqs and the certs. I had a look at the batch process script for a new req and it clearly adds a number of parameters to the header that are not there in openca-newcert or in the prova.pl scripts.
Can anyone help me?
Thanks in advance. I wish this were easier, but OpenCA is such a large system and not at all simple to figure out.
Mike
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
