I would not presume to know what Michael knows about OpenCA. But you are correct that trusted roots need to be installed into servers to validate the chain. That said, often the software will prompt user to ask if the chain presented can be accepted. (I think Chris indicated that he had installed the root.) Depending on the PKI use, it may be desirable to NOT accept a certificate. This is particularly important if off-the-shelf SSL is being twisted for use as an access control tool (using PIRMA).
From the looks of a later note from Chris, there is difficulty in important the certificate in question into the RA. This might indicate a problem with the certificate or its signature.
If this year is like last, Michael may be writing papers for university.
Bill
Gottfried Scheckenbach wrote:
Hi Chris (and all),
I think, you have only to put cacert.crt of the root ca into the chain directory on the ca server (before importing the singned subca certificate because of chain regeneration). But I'm not shure at all - I have problems in getting my subca running, too... See my mails late in October, please. Is there nobody, who can help? Does anybody know something about Michael - is he in holidays?
Regards, Gottfried
Chris Covell wrote:
Hello Guys,
I need a bit of advice please. I am sure my signing problems within the RA are because I have a sub and root CA. I am running 0.9.1-1 and would like to know...
Do I need to export anything out of the Root CA/RA (like configuration etc) into the Sub CA/RA so that the chain etc is configured properly.
I know some of you are running sub and root combinations so you may have seen this problem before. I don't want to just do this without advice in case I muck something up.
Any help please.
Chris...
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
