Robert Olson wrote:
>
> Okay, progress. I found --enable-dbi on the configure, and have the CA and
> RAserver running using Postgres, each on its own machine.
>
> Is the gist of what you are suggesting below that for the purpose of RA
> certificate generation, I enable the RAServer/public functionality on the
> CA machine (sharing the CA database). If that's the case, would it be
> appropriate to do this in a way that I levae the standard
> RAServer/public-gw installation on the separate server box, sharing the CA
> database, and enable the RAServer/public-gw functionality (via httpd.conf
> for instance) only when I need to create RA keys (or using access controls
> to make them only accessible from localhost or somesuch).
If you mean the following then it is ok ...
Install RAserver and Public-GW like normal but running only one httpd.
If you want to create a new RAServer-cert you change the ScriptAlias,
DocumentRoot etc. in the httpd.conf and the DBI.conf is the same on the
CA, RAServer and Public-GW.
I'm not really understand why you do this. You can use on the CA a
normal httpd where you can use virtual hosts. This is much easier then
to change the httpd but f cause you must create only two requests/certs
- one for the first RAServer and one for the first RA Operator.
Michael
--
----------------------------------------------------------------------------
Michael Bell Email: [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email (work):
[EMAIL PROTECTED]
Humboldt-University of Berlin Tel.(work): +49 (0)30-2093 2482
Unter den Linden 6 Fax.(work): +49 (0)30-2093 2959
10099 Berlin
Germany [OpenCA Core
Developer]
http://openca.sourceforge.net
S/MIME Cryptographic Signature
