[EMAIL PROTECTED] wrote:

> The two entries in raserver.conf point to the right verify and sign
> programs. But the error still exists.

The programs of the last OpenCA-SV tool are now named:

        openca-sv
        openca-sign
        openca-verify

so as not to have conflicts with other packages.
 
> Is it important, that the Cert-Request is signed with a valid
> Certificate by the RA-Operator? If so, how does it work to issue the
> first certificates?

Use the 'openca-newcert' script to generate a certificate on the CA
directly -- this is to be done for the RAOperator's first certificate
or the public/RAServer web server.

Now the certificate can be found in $CA/export/certs and the key is
in private/$ser_key.pem -- for the web server simply copy them into
your conf/ssl.xxx directory and update the server configuration.

Then you will want to use the 'openca-browserexp' script to generate
the .p12 file (in $CA/p12) for the certificate to be importable into
Netscape -- for RAOperator only. Then go to the RAOperator's Netscape,
import the CA certificate and then import the .p12 file.

Now the Operator will be able to sign requests.

-- 

C'you,

        Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                [EMAIL PROTECTED]
                                                     [EMAIL PROTECTED]
http://www.openca.org                            Tel.:   +39 (0)59  270  094
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365
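
The steps in the message above end with a certificate and key copied into the web server's SSL directory and a .p12 imported into the operator's browser. The following is an added example, not part of the original message and not OpenCA code: it uses the plain `openssl` command line to confirm that a key belongs to its certificate, that the certificate verifies against the CA certificate, and that a .p12 file holds the expected certificate. The function names and the `P12_PASS` variable are assumptions of this example, and keys are assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example: checks to run before installing a CA-issued certificate.
# Assumes unencrypted PEM keys; P12_PASS is this example's own variable name.

# pubkey_hash FILE KIND -> SHA-256 of the PEM public key (KIND: cert|key|p12)
pubkey_hash() {
    case "$2" in
        cert) pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1 ;;
        p12)  pem=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
                    openssl x509 -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    # An empty result would hash identically for every file, so reject it.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_pair CERT KEY CA -> 0 only if KEY belongs to CERT and CERT chains to CA
check_pair() {
    c=$(pubkey_hash "$1" cert) || { echo "cannot read certificate $1" >&2; return 1; }
    k=$(pubkey_hash "$2" key)  || { echo "cannot read key $2" >&2; return 1; }
    [ "$c" = "$k" ] || { echo "key does not match certificate" >&2; return 1; }
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "certificate does not verify against $3" >&2; return 1; }
}

# p12_matches P12 CERT -> 0 only if the client certificate in P12 has CERT's key
p12_matches() {
    p=$(pubkey_hash "$1" p12) || { echo "cannot open $1" >&2; return 1; }
    c=$(pubkey_hash "$2" cert) || { echo "cannot read certificate $2" >&2; return 1; }
    [ "$p" = "$c" ] || { echo "PKCS#12 holds a different certificate" >&2; return 1; }
}

# Usage: sh check.sh CERT KEY CA   (paths are whatever your installation uses)
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```
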
