I just tried out the new snapshot (from yesterday). Seems to work quite perfect. I am really impressed by the improvments added compared to the last official release.
I think you mean the real snapshot from CVS HEAD.
It just seems to be some copy-paste bug somewhere because I have problems to initialize my ra database.
I click on initialize database, then I have to enter my login and password and then I get an "object not found" error.
The apache log shows:
[Thu Jun 12 12:18:45 2003] [error] [client 153.45.138.102] script not found or unable to stat: /usr/local/pki/ra_snap/apache/cgi-bin/ca_node, referer: https://10.252.1.90:8081/cgi-bin/ra_node/node?cmd=genDB
Seems like he tries to find the ca_node script while in fact I am in the ra part.
This is not a copy & paste error because every node interface uses the same source code. I think you have a problem with configure_etc.sh. It includes a list of the directories which should be checked and modified. If you install the ca_node and the ra_node on the same system then please check the htdocs/ directories and specify some more exact references to lib (e.g. /openca/lib/servers/ca_node and not /openca/lib/). You need two config.xml for this reason too.
If you see configure_etc.sh then you know what we are doing :) It is a little bit uncomfortable but after the first time you can make your installation via a script which handles the two different config.xml and configure_etc.sh. I have to do it too :)
Something else. Is the scep functionality operational. If yes, is there any documentation somewhere? If no, is support for scep planed and if yes, when do you think that there will be a version supporting it.
This question should be answered by Dalini but I can give a statement too (I hope it is correct). The SCEP support is partly operational. Don't laugh. It works with sscep and Cisco VPN Client but Cisco PIX Firewalls has a little bit different behaviour and Dalini tries to fix the problems. We don't support CRL and cert downloads until now. CRL download will be added. Certificate download will be discussed.
Like for the rest of 0.9.2 there is no documentation but SCEP is really easy to configure.
1. Create a key and certificate (both PEM) for the SCEP server. It uses the same keys and certs like mod_ssl.
2. Go to OPENCADIR/etc/servers/scep.conf.
3. Replace ScepRA* by the correct values.
Now you have a working SCEP server.
Greetings Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
