Hi dears,
here is my report on installing OpenCA-0.8.6 on SuSE 8.0.
First I make an update with all patch.rpms from use .
To compile ocspd I need to install openssl-devel-0.9.8-1.
It's easy to download the rpm from openssl and do
rpm -U openssl-devel-0.9.8-1.i386.rpm
I also install
rpm -i --force openssl-0.9.8-1.i386.rpm
The problem with the installation of openssl-0.9.8-1 is this:
file /usr/bin/c_rehash from install of openssl-0.9.8-1 conflicts with file
from package openssl-0.9.6c-29
file /usr/bin/openssl from install of openssl-0.9.8-1 conflicts with file from
package openssl-0.9.6c-29
file /usr/lib/libcrypto.so.0 from install of openssl-0.9.8-1 conflicts with
file from package openssl-0.9.6c-29
file /usr/lib/libssl.so.0 from install of openssl-0.9.8-1 conflicts with file
from package openssl-0.9.6c-29
I hope this works for the other programs which use openssl too.
Then I update the openssl Perl module (I don't know if it is necessary):
#tar xzf OpenCA-OpenSSL-0.8.43.tar.gz
#cd OpenCA-OpenSSL-0.8.43
#perl Makefile.pl
Can't open perl script "Makefile.pl": No such file or directory
#ls
. .. Changes LICENSE MANIFEST Makefile.PL OpenSSL.pm doc test test.pl
#perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for OpenCA::OpenSSL
# make
cp OpenSSL.pm blib/lib/OpenCA/OpenSSL.pm
Manifying blib/man3/OpenCA::OpenSSL.3pm
# make install
Installing /usr/lib/perl5/site_perl/5.6.1/OpenCA/OpenSSL.pm
Installing /usr/share/man/man3/OpenCA::OpenSSL.3pm
Writing
/usr/lib/perl5/site_perl/5.6.1/i586-linux/auto/OpenCA/OpenSSL/.packlist
Appending installation info to /usr/lib/perl5/5.6.1/i586-linux/perllocal.pod
In configure I miss the entry for scripts/openca-unrevoke:
I edit configure with vi: In line 3233 I added at position 359
scripts/openca-unrevoke with only one blank before and after as a delimiter to
the other entries.
At line 3744 I copy this line and replace in the new line newcert with
unrevoke. It looks like this:
"scripts/openca-newcert" ) CONFIG_FILES="$CONFIG_FILES scripts/openca-newcert" ;;
"scripts/openca-unrevoke" ) CONFIG_FILES="$CONFIG_FILES scripts/openca-unrevoke" ;;
In configure.in there is the same problem: with vi I make a copy of line 259
and replace newcert with unrevoke. It now looks like this:
scripts/openca-unrevoke
scripts/openca-dblist
Then I call configure:
./configure prefix=/home/full-ca --with-user=wwwrun --with-group=nogroup \
  --with-ca=/home/full-ca/OpenCA --with-ca-htdocs=/home/full-ca/htdocs-ca \
  --with-ca-cgi=/home/full-ca/cgi-ca \
  --with-raserver=/home/RAServer \
  --with-raserver-htdocs=/home/RAServer/htdocs-raserver \
  --with-raserver-cgi=/home/RAServer/cgi-raserver \
  --with-public-htdocs=/home/RAServer/htdocs-public \
  --with-public-cgi=/home/RAServer/cgi-public \
  --with-base-url=results-security.de \
  --with-org=results-security \
  --with-country=DE \
  --with-loc=Hannover \
  --with-ldap-url=ldap.results-security.de \
  --with-ldap-port=389 \
  --with-ldap-root="cn=LDAP_Manager,c=DE" \
  --with-ldap-root-pwd=ajfqfjqfsomethinlikethis
In Makefile ./src/modules/openca-ocspd/src/Makefile in line 95
I delete the entry -lfl. My line looks now like this:
OCSPD_INCLUDE_LIBS = -ldl
Perhaps I made a mistake above, so I have to edit once again:
In scripts/Makefile in line 44 the " must be closed right after
openca-unrevoke, I have to delete the space; it looks like this:
openca-unrevoke"
Now I can do
make all
and do
make install
If you type only make it will do a make all. For information do a make info.
Next problem:
When I generate a CA request (step 3: # Generate new CA Certificate Request
(use generated secret key);)
during initialization on http:..full-ca I get this error message in the
error_log of apache:
Can't use an undefined value as an ARRAY reference at
/usr/lib/perl5/site_perl/5.6.1/OpenCA/OpenSSL.pm line 234.
I change /home/full-ca/cgi-ca/cmds/genCAReq near line 57 (before, I tried
some things and created debug outputs,
now I don't know the original file in detail anymore. Hint: I threw away the
L=$l and changed the SUBJECT to the DN parameter.)
#$cryptoShell->genReq( KEYFILE => "$cakeyFile",
#                      OUTFILE => "$careqFile",
#                      SUBJECT => "Email=$email,CN=$cn,OU=$ou,O=$o,C=$c",
#                      PASSWD  => $pwd );
$cryptoShell->genReq( KEYFILE => "$cakeyFile",
                      OUTFILE => "$careqFile",
                      DN      => ["$email","$cn","$ou","$o","$c"],
                      PASSWD  => $pwd );
Now step 3 works.
Then I do step 5 # Generate Self Signed CA Certificate (from already
generated request); It is OK.
Before step 6 # Export CA certificate; I do:
chown root.disk /dev/fd0
chmod 660 /dev/fd0
chmod 666 /dev/fd0
I think there may be a better solution than giving access for everybody to the
floppy.
Perhaps I use sudo and change the cgi-script in such a way that only the
necessary works.
Now I can change to RAServer and do these three steps:
RAServer init/Initialize Database
RAServer init/Import CA certificate (the floppy with the CA certificate must
be present)
RAServer init/Rebuild CA Chain
It looks like "all things working fine".
For beginners: the apache and DNS have to be configured:
Listen 80
Listen 443
-> we use virtual hosting, l101 is the name of my setup PC, this must be in
your DNS
BindAddress l101.intern.results-hannover.de:80
BindAddress l101.intern.results-hannover.de:443
NameVirtualHost l101.intern.results-hannover.de:80
NameVirtualHost l101.intern.results-hannover.de:443
-> then I use include-files
include /home/full-ca/apache.conf
include /home/RAServer/apache.conf
-> As an example the file /home/full-ca/apache.conf, you need an alias in
your DNS for this hostname which points to l101:
<VirtualHost ca.intern.results-hannover.de:80>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/full-ca/htdocs-ca
ServerName ca.intern.results-hannover.de
<Directory "/home/full-ca/htdocs-ca">
Options Indexes FollowSymlinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ "/home/full-ca/cgi-ca/"
<Directory "/home/full-ca/cgi-ca">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Greetings
--
Dr. Harald Wallus
Results GmbH
Am Listholze 78, D-30177 Hannover
Tel: +49(0)511 90 95 1-23 Fax: +49(0)511 90 95 1-90
Email: [EMAIL PROTECTED]
Internet: http://www.results-hannover.de
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
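
On the floppy permissions in the mail (chmod 666 /dev/fd0 before step 6): the following is an added example, not part of the original post, that checks a device node is closed to "other" and that the web server user reaches it through the owning group instead. It assumes GNU stat (stat -c); the temp file stands in for /dev/fd0 and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original mail). Assumes GNU stat (stat -c).
# Goal: keep the floppy at mode 660 and give the CGI user access through
# group membership instead of chmod 666.

# world_access PATH: print the access "other" has: none, r, w or rw.
world_access() {
    mode=$(stat -c '%a' "$1") || return 2
    other=$((mode % 10))              # last octal digit = bits for "other"
    out=""
    if [ $((other & 4)) -ne 0 ]; then out="${out}r"; fi
    if [ $((other & 2)) -ne 0 ]; then out="${out}w"; fi
    echo "${out:-none}"
}

# user_in_group USER GROUP: succeed if USER is a member of GROUP.
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -e "$2"
}

# check_device PATH USER: print "ok" only when "other" has no access and
# USER reaches the node via its owning group.
check_device() {
    wa=$(world_access "$1") || { echo "error"; return 2; }
    if [ "$wa" != "none" ]; then echo "world-$wa"; return 1; fi
    grp=$(stat -c '%G' "$1")
    if ! user_in_group "$2" "$grp"; then echo "not-in-group:$grp"; return 1; fi
    echo "ok"
}

# Constructed demo: a temp file stands in for /dev/fd0.
demo=$(mktemp)
chmod 666 "$demo"; echo "666 -> $(check_device "$demo" wwwrun || true)"
chmod 660 "$demo"; echo "660 -> other has: $(world_access "$demo")"
rm -f "$demo"
# On the real host, as root: keep /dev/fd0 at 660, put wwwrun into the
# group that owns it, restart Apache, then run:
#   check_device /dev/fd0 wwwrun
# If group "disk" also owns hard disk nodes on the host, a dedicated group
# for the floppy keeps the web server away from those.
```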
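
On the configure call in the mail, which passes --with-ldap-root-pwd on the command line: autoconf-generated configure scripts record their arguments in config.log and config.status, so the value stays in the build tree. The following is an added example, not part of the original post, that finds such files and removes group/other access; the option-name pattern, function names and demo tree are assumptions, and the password is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original mail). A password given as
# --with-ldap-root-pwd=... is recorded by configure in config.log and
# config.status; this finds those records and tightens file modes.

# Options whose name suggests a credential (the pattern is an assumption).
SECRET_OPT_RE='--with-[A-Za-z0-9-]*(pwd|passw|secret)[A-Za-z0-9-]*='

# secret_opts FILE: print the credential-like option names recorded in FILE.
secret_opts() {
    grep -oE -e "$SECRET_OPT_RE" "$1" | sed 's/=$//' | sort -u
}

# exposed_files DIR: print files under DIR that record such an option and
# are readable by "other" (mode bit 004).
exposed_files() {
    find "$1" -type f -perm -004 -exec grep -lE -e "$SECRET_OPT_RE" {} + | sort
}

# lock_down DIR: remove group/other access from every file that records one.
lock_down() {
    find "$1" -type f -exec grep -lE -e "$SECRET_OPT_RE" {} + |
    while IFS= read -r f; do chmod go-rwx "$f"; done
}

# Constructed demo tree; the password value is a placeholder.
tree=$(mktemp -d)
printf '  $ ./configure --with-org=example --with-ldap-root-pwd=PLACEHOLDER\n' \
    > "$tree/config.log"
cp "$tree/config.log" "$tree/config.status"
chmod 644 "$tree/config.log"; chmod 600 "$tree/config.status"
echo "options: $(secret_opts "$tree/config.log")"
echo "exposed: $(exposed_files "$tree")"
lock_down "$tree"
echo "after lock_down: $(exposed_files "$tree")"
rm -rf "$tree"
```

The same value also sits in the shell history of the account that ran configure, which this scan does not cover.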