Hi Max,
I am back again and trying to setup up ocsp the richt way!
After I copied Web_Server.ext to OCSP_Server.ext and edited as suggested in /RA/OpenCA/etc/openssl/extfiles I still can not choose to create ocsp-certificate!?
When I try to create that role it says that this role already exist, altough I did not create it! It is possible to create new roles that have new names but now I dont know how they match to filename?
Ok, I'm not Max but I can explain it if you are using 0.9.1 or earlier. The error message appears if one of the following files exists:
OPENCADIR/etc/openssl/extfiles/OCSP_Server.ext
OPENCADIR/etc/openssl/openssl/OCSP_Server.conf
OPENCADIR/etc/rbac/roles/xyz (xyz is the name "OCSP Server" encoded in base64)
There are two possibilities.
1. If you never created this role via the webinterface then there is no base64 encoded role. So remove OPENCADIR/etc/openssl/extfiles/OCSP_Server.ext and OPENCADIR/etc/openssl/openssl/OCSP_Server.conf on the CA. Create the role via the webinterface. Export the configuration to the RA (if they are not on the same server).
2. If you already created the role then you have to create the files OPENCADIR/etc/openssl/extfiles/OCSP_Server.ext and OPENCADIR/etc/openssl/openssl/OCSP_Server.conf too. After this you have to export the configuration from the CA to the RA to publish the new role.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
