Hello OpenCA-list! First of all... thanks! OpenCA is really neat! Although its configuration wasn't really straightforward. Took me some time to use DC-style DNs and be able to store certs into LDAP without losing strict schema checking. BTW is the CVS broken? I can't download as anonymous anymore...

My last big problem (for now) with OpenCA is signing a Sub-CA request of my Windows CA (all evil 2003 Server). I import the generated CSR (I chose subordinate organizational CA for Windows) in my RA. Edit the request to add the "Subject Alternative Name", sign it, export it to my (root) CA - issue it and send it back to my RA. But when I want to import it in my Windows CA an error pops up saying: "0x80092013 ... chain status revocation server offline" - the CRL URL of the certificate points to https://ca.my.host/pub/crl/cacrl.crl which is a correctly configured, reachable Apache with mod_ssl using an OpenCA signed cert. I can download the CRL via browser from the Windows machine, and it hasn't expired.

I can set up a "root CA" on the Windows Server (which is also an Active Directory domain controller) which works fine. Before using OpenCA I used openssl to sign the CSR of the Windows Server manually, which worked (not sure about the CRL URL in this case).

Has anybody experienced the same? Any advice? Any hint besides not using Windows?! :) I'm really stuck - installing Windows CA back 'n forth - filling up my neat OpenCA cert directory with a whole bunch of certs to be revoked soon.

Thanks in advance,
Sebastian Rieger
