Massimiliano Pala wrote:
> The programs of the last OpenCA-SV tool are now named:
>
> openca-sv
> openca-sign
> openca-verify
>
> so not to have conflicts with other packages.
In the raserver.conf and public.conf the entries point to
/usr/local/bin/openca-sign and /usr/local/bin/openca-verify.
I found no place where i have to point to openca-sv.
But i get the same Error when trying to confirm a Certificate Request:
raserver-error-log:
--------snip------------
Signature OK
Signature OK
Can't call method "verifyChain" on an undefined value at cmds/confirmReq
line 60.
Compilation failed in require at /var/www/cgi-raserver/RAServer line 177.
-------snip-------------
What should i test now? Any idea? Maybe a complete new installation
would help?
I am using:
openssl-SNAP-20010307
OpenCA-0.8.0-20010610
perl v5.6.0
RedHat7.1 on i386
>
> > Is it important, that the Cert-Request is signed with a valid
> > Certificate by the RA-Operator? If so, how does it work to issue the
> > first certificates?
>
> use the 'openca-newcert' script to generate a certificate on the CA
> directly -- this is to be done for the RAOperator's first certificate
> or the public/RAServer web server.
>
> Now the certificate can be found in $CA/export/certs and the key is
> in private/$ser_key.pem -- for the web server simply copy them into
> your conf/ssl.xxx directory and update the server configuration.
>
> Then you will want to use the 'openca-browserexp' script to generate
> the .p12 file ( in $CA/p12 ) for the certificate to be importable into
> Netscape -- for RAOperator only. Then go to the RAOperator's Netscape,
> import the CA certificate and then import the .p12 file.
>
> Now the Operator will be able to sign requests.
The scripts work very fine. Thank you
Sascha
--
******************************************************************
Sascha M�ller
Fachhochschule K�ln, Zentrum f�r Informationstechnologie (ZI),
zentrale Arbeitsstelle Multimedia (zAM)
50678 K�ln, Claudiusstr. 1, Tel: +49-221-8275-3935 Fax:-3131
mailto:[EMAIL PROTECTED], http://www.zi.fh-koeln.de/
PGP-Key: finger [EMAIL PROTECTED]
S/MIME Cryptographic Signature
