RE: [Openca-Users] OpenCA-0.8.0 RAServer confirmReq

Thu, 21 Jun 2001 16:04:54 -0700 

Hi

I have just seen the this thread which also describes the problem that I was
having.

The RA pkcs12 cert is in my browser and I just checked that the OpenCA-Tools
package is installed and the openca-sv etc files exist in /usr/local/bin

I did have to edit the raserver.conf and change the settings there from
verify to openca-verify and similarly with sign

So I can now approve a request... but get a small red error after approval
which says:
Signature not valid...
The approved request is

Any comments?

Also when I export the approved request and attempt to import it to the ca
it fails to add it to the DB

Thanks
Tim




-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Massimiliano Pala
Sent: Thursday, June 21, 2001 3:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [Openca-Users] OpenCA-0.8.0 RAServer confirmReq


[EMAIL PROTECTED] wrote:

> The two entries in raserver.conf point to the right verify and sign
> programms. But the error still exists.

The programs of the last OpenCA-SV tool are now named:

        openca-sv
        openca-sign
        openca-verify

so not to have conflicts with other packages.

> Is it important, that the Cert-Request is signed with a valid
> Certificate by the RA-Operator? If so, how does it work to issue the
> first certificates?

use the 'openca-newcert' script to generate a certificate on the CA
directly -- this is to be done for the RAOperator's first certificate
or the public/RAServer web server.

Now the certificate can be found in $CA/export/certs and the key is
in private/$ser_key.pem -- for the web server simply copy them into
your conf/ssl.xxx directory and update the server configuration.

Then you will want to use the 'openca-browserexp' script to generate
the .p12 file ( in $CA/p12 ) for the certificate to be importable into
Netscape -- for RAOperator only. Then go to the RAOperator's Netscape,
import the CA certificate and then import the .p12 file.

Now the Operator will be able to sign requests.

--

C'you,

        Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                [EMAIL PROTECTED]
                                                     [EMAIL PROTECTED]
http://www.openca.org                            Tel.:   +39 (0)59  270  094
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365


_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to