Robert Olson wrote:
;-D
>I'm also trying to figure out what you meant by this earlier mechanism:
>>1. install the RAServer/Public-GW on the CA-machine too
>>2. reconfigure the Public-GW so that the Public-GW writes the requests
>>directly into the CA-DBs
>>3. approve the request on the CA
>>4. export the certs from the CA
>>5. reconfigure the RAserver/Public-GW to use their own databases
This is partly not correct:
>1. install the RAServer/Public-GW on the CA-machine too
named now CA-RAServer and CA-Public-GW
>2. reconfigure the CA-Public-GW so that the CA-Public-GW writes the requests
>directly into the CA-DBs
2a. request a certificate with a browser on the CA-machine (which is
offline) via the CA-Public-GW.
>3. approve the request on the CA
3a. download the certificate into the browser on the CA-machine
3b. export the certificate from this browser (passphrase protected)
3c. import the certificate (with the private key) into the standard
browser of the RA Operator
The RA Operator should then request a new certificate for himself via
the regular way because it is possible that every admin of the
CA-machine can get this first certificate.
>>4. export the certs from the CA
5. import them into the regular RAServer
The old fifth step was a logical mistake by me because I mixed up the
RAServer on the RAServer-machine and the one on the CA-machine.
>My reading of your steps 1-5 was to install RAserver/public-gw onto the CA
>box, solely for the purpose of issuing RA certs (since the CA is supposed
>to stay offnet), and manipulate the DBI.conf so that they pointed to the
>database used by the CA (step 2).
Absolutely correct.
Cheers,
Michael
--
----------------------------------------------------------------------------
Michael Bell                          [OpenCA Core Developer]
Rechenzentrum - Datacenter            Email: [EMAIL PROTECTED]
Humboldt-University of Berlin         Email (work): [EMAIL PROTECTED]
Unter den Linden 6                    Tel.(work): +49 (0)30-2093 2482
10099 Berlin                          Fax.(work): +49 (0)30-2093 2959
Germany
http://openca.sourceforge.net
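The two-phase RA operator enrollment Michael describes above (a bootstrap certificate whose key pair is created on the offline CA machine and exported passphrase-protected, followed by a fresh certificate requested the regular way from the operator's own workstation) reproduced with plain OpenSSL. This is an added example, not part of the thread and not OpenCA's own code: it assumes `openssl` is on PATH, and every directory name, subject name and the export passphrase are constructed for the demonstration. The point it makes concrete is the one in the mail: the bootstrap key lived on the CA machine, so the re-enrolled certificate must carry a different key that never left the operator's machine.

```shell
#!/bin/sh
# Added example (not from the OpenCA thread): bootstrap an RA operator
# certificate on the "CA machine", export it as a passphrase-protected
# PKCS#12, then re-enroll the operator with a key generated on their own
# machine. Assumes openssl on PATH; all names and the passphrase are constructed.
set -eu

WORK="$(mktemp -d)"
CA="$WORK/ca"          # stands in for the offline CA machine
RA="$WORK/ra-operator" # stands in for the RA operator's own workstation
mkdir -p "$CA" "$RA"
BOOT_PASS="constructed-export-passphrase"   # step 3b: export is passphrase protected

# The offline CA: key and self-signed root certificate (constructed subject).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Offline CA" \
    -keyout "$CA/ca.key" -out "$CA/ca.crt" 2>/dev/null
}

# Phase 1 (steps 2a-3b): the first RA operator certificate. The key pair is
# created on the CA machine itself (the browser there in the mail), signed by
# the CA, then exported as a passphrase-protected PKCS#12 bundle.
bootstrap_ra_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=RA Operator (bootstrap)" \
    -keyout "$CA/bootstrap.key" -out "$CA/bootstrap.csr" 2>/dev/null
  openssl x509 -req -in "$CA/bootstrap.csr" -CA "$CA/ca.crt" -CAkey "$CA/ca.key" \
    -CAcreateserial -days 30 -out "$CA/bootstrap.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$CA/bootstrap.key" -in "$CA/bootstrap.crt" \
    -passout "pass:$BOOT_PASS" -out "$CA/bootstrap.p12"
  echo "$CA/bootstrap.p12"
}

# Step 3c: import on the operator side. Only the passphrase unlocks the bundle;
# note that the private key in it has nevertheless existed on the CA machine.
import_bootstrap() {
  openssl pkcs12 -in "$1" -passin "pass:$BOOT_PASS" -nokeys -clcerts \
    -out "$RA/bootstrap.crt" 2>/dev/null
  openssl pkcs12 -in "$1" -passin "pass:$BOOT_PASS" -nocerts -nodes \
    -out "$RA/bootstrap.key" 2>/dev/null
}

# Phase 2 (the "regular way"): the operator generates a fresh key on their own
# machine; only the CSR travels to the CA, so no CA admin ever holds this key.
reenroll_ra_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=RA Operator" \
    -keyout "$RA/operator.key" -out "$RA/operator.csr" 2>/dev/null
  openssl x509 -req -in "$RA/operator.csr" -CA "$CA/ca.crt" -CAkey "$CA/ca.key" \
    -CAcreateserial -days 365 -out "$RA/operator.crt" 2>/dev/null
  echo "$RA/operator.crt"
}

# Does the certificate chain to the CA root? Prints "OK" or "FAIL".
verify_chain() {
  if openssl verify -CAfile "$CA/ca.crt" "$1" >/dev/null 2>&1; then
    echo OK
  else
    echo FAIL
  fi
}

# The re-enrolled certificate must carry a different public key than the
# bootstrap one; that is the whole reason for requesting a new certificate.
keys_differ() {
  a="$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)"
  b="$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)"
  if [ "$a" != "$b" ]; then echo yes; else echo no; fi
}

make_ca
P12="$(bootstrap_ra_cert)"
import_bootstrap "$P12"
NEWCRT="$(reenroll_ra_cert)"
echo "bootstrap cert chains to CA:   $(verify_chain "$RA/bootstrap.crt")"
echo "re-enrolled cert chains to CA: $(verify_chain "$NEWCRT")"
echo "bootstrap and new keys differ: $(keys_differ "$RA/bootstrap.crt" "$NEWCRT")"
```

The script leaves its files under the temporary directory in `$WORK` so the two key files can be compared: `bootstrap.key` exists in both the `ca` and `ra-operator` directories, `operator.key` only in `ra-operator`. That asymmetry is what the second enrollment buys.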