Hi, if you are using OpenCA::DBI then you must not use any scripts. I just start writing a readme how to initialize OpenCA if you are using a SQL-DB. You can find the file on the ftp-server (ftp.informatik.hu-berlin.de/local/OpenCA/) but it is not the README - only the ideas.
The main trick is the following: * install on the CA-machine the software for the RA too (install-ext) * request a certificate via the public-interface (Role: CA Admin or RA Operator) * edit the request via the interface of the RA * go to the CA-interface * Requests -> PENDING Requests -> issueCertificate * download the certificate into the browser via the public-interface * export the certificate from the browser into a p12-file Christopher Crowley schrieb: > > (it should be in your INSTALL file within the package too... ). > > The install file says: > <SNIP> > 3. Generating Certificates > ========================== > ... > $ cd bin > $ ./issue_certs.bin > </SNIP> This is totally outdated for OpenCA::DBI. > > > > I know it is not so an easy procedure... we'll try to make it easier... > > > > and I realize there are lots of details required to make this user friendly. > I appreciate the effort! I want to handle this via the webinterface with a good README. It works but the README is not ready for use. > > 1. Install the CA > > 2. Generate the CA certificate (priv key, request, etc... ) --> here start the trick > > 3. Use the script openca-newcert: this will issue a new certificate > Available extensions: > > 1 - User Certificate > 2 - Server Certificate > 3 - CA Certificate OpenCA v0.9 use other names. > Importing CA-Certificates into ldap ... > > Cannot write CA-Certificate 9075d41d1e8a95f83821a00355ebf41a > to LDAP > > Cannot write CA-Certificate 4781e59f20767dd25b84c97b28a0e9c8 > to LDAP > > Make CA-Certificate available on the server ...OK. > > Re-Building CA Chain ... FAILED Which command or link do you use? I never see the Re-Building of the CA Chain failing. Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany [OpenCA Core Developer] http://www.openca.org _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
