Okay, progress. I found --enable-dbi on the configure, and have the CA and
RAserver running using Postgres, each on its own machine.
Is the gist of what you are suggesting below that for the purpose of RA
certificate generation, I enable the RAServer/public functionality on the
CA machine (sharing the CA database). If that's the case, would it be
appropriate to do this in a way that I levae the standard
RAServer/public-gw installation on the separate server box, sharing the CA
database, and enable the RAServer/public-gw functionality (via httpd.conf
for instance) only when I need to create RA keys (or using access controls
to make them only accessible from localhost or somesuch).
--bob
At 03:12 PM 8/2/2001 +0200, Michael Bell wrote:
>Yes. I'm using another method for the initialization with OpenCA::DBI
>(perhaps it works with OpenCA::DB too).
>
>1. install the RAServer/Public-GW on the CA-machine too
>2. reconfigure the Public-GW so that the Public-GW write the requests
>direct into the CA-DBs
>3. approve the request on the CA
>4. export the certs from the CA
>5. reconfigure the RAserver/Public-GW to use their own databases
>6. import the certs into the RAServer
>7. download the cert from the public interface
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/openca-users
