Hi Jack, Jack Disu schrieb: > > 1. When I take the backup of database at CA > it will take the backup( I will use localfile > system instead of floppy). It will create the file > openca-outca.tar. But when I use recovery option of > database(openca::DBI) it will search for the file > openca-inca.tar. It fails. than manually I renamed > the file openca-outca.tar to openca-inca.tar afetr > backup than it will work. I can't rename the file > every time.
This is really easy. You must edit ca.conf. The configuration includes an ExportDevice and an ImportDevice. You must simply use the same file for each device (e.g. openca_device.tar). Normally we use different files because the devices are used for export to and import from the servers which are online. > 2. RA approved certificate from IE/Netscape without any > problem. But in RA when I see the RA approved > request list and click on any request to see > deatails. At right cirner it shown logo of Valid > Signature. When I click on that it will give error > messages command not support yet. I simply forget the command in a Makefile. You must add viewSignature in src/web-interfaces/ra/cmds/Makefile. CVS is fixed. > But in CA interface it showes Signature but when > click on cn name it showes nothing. this was a bug in OpenCA::DBI. A fixed version is available in CVS. The problem is that I now find a bug in viewSignature. The serial of the signer's certificate is not displayed correctly and the link to the certificate is corrupt. I will fix it too. > 3. What is the use of basic request as it will give > p12 and PEM format at RA and CA. but in Public > interface it download only the public key. The basic request is a browser independent way to make a certificate request. Some browsers like konqueror cannot create a request. Also some administrators don't know how to generate a request for their Apache. The basic request generate the private key on the server and encrypt the key with the PIN of the user. The private key (in PKCS#12- or PEM-format) is only available on the RA and CA to protect the key against brute force attacks. The user can only get the private key via an authorized person. Best regards, Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
