Konstantinos Agouros wrote:
>
> Hi,
Hi,
> I am installing the OpenCA-CA-Part on HP's Security Enhanced Linux. For this
> to work I would need (at the moment) need to know 2 things:
Interesting, let us know your results...
> When I try to generate the initial CA-Key I get an error to load key. I see that
> no cakey file is generated. Could someone tell me the Commandline for Openssl
> that is called? Since everything runs chrooted I might need to create some
> stuff by hand that is currently missing.
Well, the command line could change by parameters used. I think something like
this is valid (in general):
$ openssl req -x509 -passin env:pwd -config <path_to_openssl.cnf> \
-days 730 -in <path_to_request_file> -out <path_to_outcert>
remember that the env variable pwd MUST be set in order for openssl to be able
to process (pwd=<passwd_of_ca_secret_key)
> 2nd Question: Since this variant of Linux needs some more information I would
> need to know where exactly the cgi-stuff on the CA-machine needs write-access.
The directory where the write access is needed are:
@raserver@
@ca@
@pubweb@/crl
(I think this is it, but I am not sure, there could be some other places
where write access is needed)
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
S/MIME Cryptographic Signature
