I tested sub CA structure and signing with the following setup:
root CA OpenCA 0.9.2
sub CA OpenCA 0.9.2 and 0.9.1
The testing of the client signature works for OpenCA 0.9.2 and 0.9.1 without any problems, but I made some mistakes during chain setup until it worked.
1. All CA certs must be in separate files in the chain directory.
e.g. cacert.crt (reserved for the local CA cert)
root-ca.crt (Root CA Cert)
2. Every certificate must be owned by the webserver or must at minimum be readable by the webserver. Most admins install the root CA cert as root and forget that root has a really restrictive umask.
3. Do not run "make" or "make update" from the console as root. Only run the chain update via the web interface and then check the permissions in the chain directory with "ls -lisa".
I only have problems with wrong file permissions during the signature verification.
BTW I found several other bugs in CVS head during the tests so I will publish a new snapshot over the day.
Michael
--
-------------------------------------------------------------------
Michael Bell                      Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice    Tel.: +49 (0)30-2093 2482
(Computing Centre)                Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                      Email (private): [EMAIL PROTECTED]
Germany                           http://www.openca.org
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
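An added example, not part of the original post or of OpenCA: a Python check for the two chain-directory mistakes described above, a file holding more than one CA certificate and a file the web server account cannot read. It assumes PEM-encoded `.crt` files; the function names and the `bundle.crt` sample file are hypothetical.

```python
import os
import stat
import tempfile

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"  # assumption: chain files are PEM

def can_read(st, uid, gids):
    """Apply the POSIX owner/group/other read check for a non-root account."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def audit_chain_dir(chain_dir, uid, gids):
    """Return (filename, problem) pairs for the web server account uid/gids."""
    problems = []
    for name in sorted(os.listdir(chain_dir)):
        path = os.path.join(chain_dir, name)
        st = os.stat(path)
        if not name.endswith(".crt") or not stat.S_ISREG(st.st_mode):
            continue
        if not can_read(st, uid, gids):
            problems.append((name, "not readable by web server (mode %04o)"
                             % stat.S_IMODE(st.st_mode)))
        with open(path, "rb") as fh:
            count = fh.read().count(PEM_BEGIN)
        if count != 1:
            problems.append((name, "holds %d certificates, expected 1" % count))
    return problems

def demo():
    """Constructed sample: three files, two with the mistakes from the post."""
    fake = PEM_BEGIN + b"\nconstructed\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as d:
        for name, body, mode in (("cacert.crt", fake, 0o644),
                                 ("root-ca.crt", fake, 0o600),   # root's umask
                                 ("bundle.crt", fake * 2, 0o644)):
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        # A uid one above ours, in no owning group, stands in for the web server.
        return audit_chain_dir(d, os.geteuid() + 1, set())

if __name__ == "__main__":
    for name, problem in demo():
        print("%s: %s" % (name, problem))
```

On a real installation, pass the chain directory together with the numeric uid and group ids of the account the web server runs as.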
