"Wong, RYM (Richard)" wrote:

> I have had a look at the file 'appReq' but I found that the parameter
> "$parsed->{HEADER}->{OPERATOR}" is initialized by another parameter
> "$ENV{'SSL_CLIENT_M_SERIAL'}".
> As far as I understand the latter parameter is not initialised at all and so
> the former one is always null.
> I cannot find $ENV{'SIGNER-SERIAL'} AND $ENV{'SIGNER_DN'} in 'appReq'.
> Perhaps I am using the old version of appReq. Please send me your latest
> appReq.

The problem is easy to fix. You have simply to install the mod_ssl for
Apache, enable ssl on the RAServer (a requirement because the RAServer
should be accessed by RA Operators who have a valid certificate) so your
address for accessing the RAServer will start with https:// ... don't
forget to require client authentication and to restrict access to the
RAServer only to certain DN (Subjects) like the ones having OU=RA Operator
or whatever you like best.

So required steps are:

        1. Install mod_ssl (it requires you recompile apache);
        2. Enable SSL on the RAServer (Apache);
        3. Use a valid operator's certificate when accessing the
           RAServer;

That's it.

-- 

C'you,

        Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                  [EMAIL PROTECTED]
                                                          [EMAIL PROTECTED]
                                                     [EMAIL PROTECTED]
http://www.openca.org                            Tel.:   +39 (0)59  270  094
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365
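
An added example, not part of the original message or of the OpenCA distribution: a mod_ssl virtual host for the RAServer that follows the steps above. The hostname, file paths, verify depth and the exact OU string are placeholders to adapt. `SSLOptions +StdEnvVars` is the setting that makes mod_ssl export `SSL_CLIENT_M_SERIAL` to CGI scripts such as appReq; without it, or without a client certificate, the variable is empty.

```apache
# Hypothetical RAServer virtual host; names and paths are placeholders.
<VirtualHost _default_:443>
    ServerName ra.example.org

    SSLEngine on
    SSLCertificateFile    /path/to/raserver-cert.pem
    SSLCertificateKeyFile /path/to/raserver-key.pem

    # CA certificate(s) that issued the RA Operator certificates.
    SSLCACertificateFile  /path/to/ca-cert.pem

    <Location />
        # Refuse the TLS handshake unless the client presents a
        # certificate that chains to SSLCACertificateFile.
        SSLVerifyClient require
        SSLVerifyDepth  2

        # Export SSL_CLIENT_M_SERIAL, SSL_CLIENT_S_DN, etc. to CGI.
        # Off by default, which leaves $ENV{'SSL_CLIENT_M_SERIAL'} unset.
        SSLOptions +StdEnvVars

        # Restrict access to subjects carrying the operator OU.
        # On Apache 2.4, "Require expr" is the preferred replacement.
        SSLRequire %{SSL_CLIENT_S_DN_OU} eq "RA Operator"
    </Location>
</VirtualHost>
```

Verification alone only proves the certificate was issued by a trusted CA; the `SSLRequire` line is what limits the RAServer to operator subjects.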
