Robert Joop wrote:
> 
> On 01-10-22 19:24:54 CEST, Michael Bell wrote:
> > Robert Joop wrote:
> > > cgi-bin/cgi-public/conf/DB.conf.in and
> > > cgi-bin/cgi-raserver/conf/DB.conf.in are equal, shouldn't they be joined?
> >
> > Yes, they should be joined and placed in the directory common/conf/.
> 
> this also means that both databases have exactly the same structure?
> do they have the same contents as well?

They should have the same structure and content :-)
 
> > So I would like the following:
> >
> >   src
> >     servers
> >       ca
> >         ca.conf
> >         cgi
> >         htdocs
> >         misc
> >       ra
> >       pub
> >       ocsp
> >     data-exchange
> > >   common
> > >     conf
> > >     images
> > >     lib
> > >     modules
> > >     scripts
> 
> so in theory there could also be 4 hosts, each with a different one of the 4
> (or 5) servers, one would only need to keep the databases up-to-date, i.e.
> roughly
>              CSRs  CRTs+CRLs
>            ra -> ca    ->   {ra, pub, ocsp, ldap}
> ?

This is very critical because the content in the databases MUST be
consistent. I would prefer one database for all the servers. If you have
enough money for three or more high performance computers then you have
enough money for a distributed database. Alternatively you can use one
central database server (my favourite). If you use such a construction
then you must use a firewall of course (but this is strongly recommended
for every PKI-component).

> > Every server has only one file like ca.conf. The other
> > configuration files are unique for every server and can be placed in
> > src/common/conf therefore we don't need a directory conf/ for every
> 
> you mean the opposite of what you are saying, right?
> unique (german: einzigartig) would mean that they are all different, but
> you probably mean them to be the same, i.e. uniform (german: einheitlich)?

That's correct (german: peinlich :) ).

Michael
-- 
-------------------------------------------------------------------
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email:  [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax:  +49 (0)30-2093 2959
10099 Berlin
Germany                                     [OpenCA Core Developer]

http://openca.sourceforge.net
