On 01-10-22 19:24:54 CEST, Michael Bell wrote:
> Hi,
>
> the most important things are not the two or three servers. The most
> important things are the (two) databases. The logical diversion works
> like this
>
> offline-db
> ----------
> * ca
>
> online-db
> ---------
> * ra
> * publi-gw
> * SCEP
i think we agree 100%, we just phrase ourselves slightly differently.
my separation into (offline) ca host and ext(ernally accessible,
i.e. online) host is the same as yours.
i also agree with your view that the data (keys, certificates, CRLs) are
the center about which the interfaces (web, ldap, ocsp) revolve.
> Robert Joop wrote:
> > cgi-bin/cgi-public/conf/DB.conf.in and
> > cgi-bin/cgi-raserver/conf/DB.conf.in are equal, shouldn't they be joined?
>
> Yes, they should be joined and placed in the directory common/conf/.
this also means that both databases have exactly the same structure?
do they have the same contents as well?
> So I would like the following:
>
> src
> servers
> ca
> ca.conf
> cgi
> htdocs
> misc
> ra
> pub
> ocsp
> data-exchange
> > common
> > conf
> > images
> > lib
> > modules
> > scripts
so in theory there could also be 4 hosts, each with a different of the 4
(or 5) servers, one would only need to keep the databases up-to-date, i.e.
roughly
CSRs CRTs+CRLs
ra -> ca -> {ra, pub, ocsp, ldap}
?
> Every server has only one file like ca.conf. The other
> configurationfiles are unique for every server and can be placed in
> src/common/conf therefore we don't need a directory conf/ for every
you mean the opposite of what you are saying, right?
unique (german: einzigartig) would mean that they are all different, but
you probably mean them to be the same, i.e. uniform (german: einheitlich)?
> server. It is not important what we see behind a server. I think it's
> only important that every server is only a method to manipulate or use a
> database (which have at every time the same structure). This
> So what do you think? Is the abstraction to radical?
yes, definitely!
i clears up too many things. ;-)
rj
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
