Michael Bell wrote:
Nuno Miguel Neves wrote:Well, no error here. It installs everything.
I'll do it, but you went a bit too fast for me. :-)
What exactly do you want me to do?
./configure
make
make install-online
This is ok for a first analysis because we can see in this protocol if there is something going wrong during the installation.
I send it in attach.
send you the config.xml and the options file?
If we don't find a mistake until make install-online then this is the second step but first we should check the protocol until make install-online for potential problems.
I don't exactly understand what you mean by that. I am trying to initialize them
BTW I hope you use the node interface to initialize the online components because the phase I options only appear on the CA interface.
PS- I sent directly to you because I think this is something not general enough to send to the list. :-)
It is better to send the mail to the list because my IMAP folder is not searchable by google and mail-archive.com ;)
Michael
BTW, I made a grep for "Import configuration" in the entire source tree, but the only match is on some CA stuff. Is the procedure for initializing the RA still the same as the manual says?
Thanks,
--
[EMAIL PROTECTED] Dept. Informatica, Fac. Ciencias,
|\ | |\ | Tel: +351 21 7500528 Univ. Lisboa, Bloco C5, Campo Grande
| \|uno | \|eves Fax: +351 21 7500084 1700 Lisboa, Portugal
<openca>
<software_config>
<!--
########################################################
USAGE WARNING
########################################################
If you change this file then you must change all files in
etc which have the suffix .template. Please do this with
the script openca-configure.
Example:
template: servers/ca.conf.template
openca-configure config.xml servers/ca.conf.template servers/ca.conf
If you don't do this then you have an inconsistent
OpenCA installation. So this warning is serious.
You can update all templates with a simple bash script.
configure_etc.sh is such a script and demonstrates the
usage of openca-configure.
2003-Mar-12, Michael Bell <[EMAIL PROTECTED]>
-->
<prefix>@</prefix>
<suffix>@</suffix>
<!-- =========== -->
<!-- HSM support -->
<!-- =========== -->
<option>
<name>openssl_engine</name>
<value></value>
</option>
<option>
<name>hsm_utility</name>
<value></value>
</option>
<option>
<name>hsm_slot</name>
<value></value>
</option>
<option>
<name>appid</name>
<value></value>
</option>
<!-- =============== -->
<!-- general options -->
<!-- =============== -->
<option>
<name>default_language</name>
<value>C</value>
</option>
<option>
<name>ca_organization</name>
<value>CaberNet</value>
</option>
<option>
<name>ca_locality</name>
<value>Europe</value>
</option>
<option>
<name>ca_country</name>
<value>EU</value>
</option>
<option>
<name>sendmail</name>
<value>/usr/lib/sendmail -n -t </value>
</option>
<option>
<name>send_mail_automatic</name>
<value>yes</value>
</option>
<option>
<name>service_mail_account</name>
<value>[EMAIL PROTECTED]</value>
</option>
<option>
<name>policy_link</name>
<value>https://pki.research.ec.org/pub/policy.html</value>
</option>
<!-- ======================== -->
<!-- web server configuration -->
<!-- ======================== -->
<option>
<name>httpd_protocol</name>
<value>https</value>
</option>
<option>
<name>httpd_host</name>
<value>pki.research.ec.org</value>
</option>
<option>
<!-- please include the colon if you specify a port -->
<!-- please remember this depends on httpd_protocol -->
<name>httpd_port</name>
<value>:443</value>
</option>
<option>
<name>menu_logo_left</name>
<value>
<!-- Here you can put references to the logo, you can use
any html reference you want but please keep in mind that:
no <> are allowed, use &lt; and &gt; instead, respectively.
example:
&lt;img src="https://xyz.org/mylogo.jpg" alt="XYZ Logo"/&gt;
-->
</value>
</option>
<option>
<name>menu_logo_right</name>
<value>
&lt;a href="__HTDOCS_PREFIX__/thanks.html"&gt;
&lt;img src="__HTDOCS_PREFIX__/images/openca-logo.png" alt="OpenCA Logo"/&gt;
&lt;/a&gt;
</value>
</option>
<option>
<!--
You can add more CDPs here. Please enter one CDP per line.
This is the content of an OpenSSL configuration section.
Example:
URI.1=http://cdp1.xyz.de/pub/crl/cacrl.crl
URI.2=ldap://cdp2.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE
URI.3=http://cdp2.xyz.de/pub/crl/cacrl.crl
URI.4=ldap://cdp1.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE
-->
<name>CRLDistributionPoints</name>
<value>
URI.1=http://pki.research.ec.org/pub/crl/cacrl.crl
</value>
</option>
<option>
<name>NS_CRLDistributionPoint</name>
<value>http://pki.research.ec.org/pub/crl/cacrl.crl</value>
</option>
<!-- ========================= -->
<!-- ldap server configuration -->
<!-- ========================= -->
<option>
<name>ldap_host</name>
<value>ldap.research.ec.org</value>
</option>
<option>
<name>ldap_port</name>
<value>389</value>
</option>
<option>
<name>ldaproot</name>
<value>cn=Manager, o=Cabernet, c=eu</value>
</option>
<option>
<name>ldaprootpwd</name>
<value>LDAPpasswd</value>
</option>
<option>
<name>useLDAP</name>
<value>yes</value>
</option>
<option>
<name>update_ldap_automatic</name>
<value>yes</value>
</option>
<!-- ====================== -->
<!-- database configuration -->
<!-- ====================== -->
<option>
<name>dbmodule</name>
<!-- you can use DB or DBI -->
<value>DBI</value>
</option>
<option>
<name>db_type</name>
<value>mysql</value>
</option>
<option>
<name>db_name</name>
<value>openca</value>
</option>
<option>
<name>db_host</name>
<value>localhost</value>
</option>
<option>
<name>db_port</name>
<value>3306</value>
</option>
<option>
<name>db_user</name>
<value>openca</value>
</option>
<option>
<name>db_passwd</name>
<value>MYSQLpasswd</value>
</option>
<!-- ==================== -->
<!-- module configuration -->
<!-- ==================== -->
<option>
<name>module_shift</name>
<!-- 8 bits are enough for IDs from 0 to 255 -->
<!-- please remember that 0 is the ID of the CA -->
<value>8</value>
</option>
<option>
<name>ra_module_id</name>
<value>1</value>
</option>
<option>
<name>ldap_module_id</name>
<value>2</value>
</option>
<option>
<name>node_module_id</name>
<value>3</value>
</option>
<option>
<name>pub_module_id</name>
<value>32</value>
</option>
<option>
<name>scep_module_id</name>
<value>33</value>
</option>
<!-- =============================== -->
<!-- configuration of relative paths -->
<!-- =============================== -->
<option>
<name>ca_htdocs_url_prefix</name>
<value>http://ca.research.ec.org</value>
</option>
<option>
<name>ca_cgi_url_prefix</name>
<value>/cgi-bin/ca</value>
</option>
<option>
<name>node_htdocs_url_prefix</name>
<value>http://node.fcul.research.ec.org</value>
</option>
<option>
<name>node_cgi_url_prefix</name>
<value>/cgi-bin/ra_node</value>
</option>
<option>
<name>ra_htdocs_url_prefix</name>
<value>http://ra.fcul.research.ec.org</value>
</option>
<option>
<name>ra_cgi_url_prefix</name>
<value>/cgi-bin/ra</value>
</option>
<option>
<name>ldap_htdocs_url_prefix</name>
<value>http://ldap.research.ec.org</value>
</option>
<option>
<name>ldap_cgi_url_prefix</name>
<value>/cgi-bin/ldap</value>
</option>
<option>
<name>pub_htdocs_url_prefix</name>
<value>http://pki.fcul.research.ec.org</value>
</option>
<option>
<name>pub_cgi_url_prefix</name>
<value>/cgi-bin/pub</value>
</option>
<option>
<name>scep_cgi_url_prefix</name>
<value>/cgi-bin/scep</value>
</option>
<!-- =============================== -->
<!-- configuration of absolute paths -->
<!-- =============================== -->
<option>
<name>ca_htdocs_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/htdocs/ca</value>
</option>
<option>
<name>ca_cgi_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/cgi-bin/ca</value>
</option>
<option>
<name>node_htdocs_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/htdocs/ra_node</value>
</option>
<option>
<name>node_cgi_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/cgi-bin/ra_node</value>
</option>
<option>
<name>ra_htdocs_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/htdocs/ra</value>
</option>
<option>
<name>ra_cgi_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/cgi-bin/ra</value>
</option>
<option>
<name>ldap_htdocs_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/htdocs/ldap</value>
</option>
<option>
<name>ldap_cgi_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/cgi-bin/ldap</value>
</option>
<option>
<name>pub_htdocs_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/htdocs/pub</value>
</option>
<option>
<name>pub_cgi_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/cgi-bin/pub</value>
</option>
<option>
<name>scep_cgi_fs_prefix</name>
<value>/usr/local/openca.0.9.2/httpd/cgi-bin/scep</value>
</option>
<!-- ===================== -->
<!-- configuration of SCEP -->
<!-- ===================== -->
<option>
<name>SCEP_RA_CERT</name>
<value></value>
</option>
<option>
<name>SCEP_RA_KEY</name>
<value></value>
</option>
<option>
<name>SCEP_RA_PASSWD</name>
<value></value>
</option>
<!-- ===================== -->
<!-- general configuration -->
<!-- ===================== -->
<option>
<name>etc_prefix</name>
<value>/usr/local/openca.0.9.2/openca/etc</value>
</option>
<option>
<name>lib_prefix</name>
<value>/usr/local/openca.0.9.2/openca/lib</value>
</option>
<option>
<name>var_prefix</name>
<value>/usr/local/openca.0.9.2/openca/var</value>
</option>
<option>
<name>ca_prefix</name>
<value>ca</value>
</option>
<option>
<name>ldap_prefix</name>
<value>ldap</value>
</option>
<option>
<name>node_prefix</name>
<value>ra_node</value>
</option>
<option>
<name>pub_prefix</name>
<value>pub</value>
</option>
<option>
<name>ra_prefix</name>
<value>ra</value>
</option>
<option>
<name>scep_prefix</name>
<value>scep</value>
</option>
<!-- ========================== -->
<!-- dataexchange configuration -->
<!-- ========================== -->
<!-- there are several templates available today -->
<!-- 0. no dataexchange configure - the default -->
<!-- this makes only sense for an all in one box -->
<!-- it is strongly recommended to use this only for testing -->
<!-- 1. the node acts as CA only -->
<!-- the node exports to one or several RAs only -->
<!-- the node can export to LDAP too -->
<!-- 2. the node acts as RA only -->
<!-- the node exchange data with a CA and public/scep -->
<!-- the node can act as LDAP too -->
<!-- the node can export to LDAP too -->
<!-- 3. the node acts as public/scep only -->
<!-- the node exchange data with a RA -->
<!-- 4. the node acts as LDAP only -->
<!-- the node receives data from CA or RA -->
<!-- 5. the node acts as public/scep and RA -->
<!-- the node exchanges data with a CA only -->
<!-- no support for dataexchange with additional LDAP -->
<!-- 6. the node acts as RA and CA -->
<!-- the node exchange data with public/scep -->
<!-- the node can export to LDAP too -->
<!-- -->
<!-- LDAP is only relevant if it is the only protocol on the node -->
<!-- 0. no dataexchange configure - the default -->
<!-- <option>
<name>enroll_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_crl_states</name>
<value></value>
</option>
<option>
<name>enroll_crr_states</name>
<value></value>
</option>
<option>
<name>enroll_csr_states</name>
<value></value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value></value>
</option>
<option>
<name>receive_csr_states</name>
<value></value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>download_certificate_states</name>
<value></value>
</option>
<option>
<name>download_crl_states</name>
<value></value>
</option>
<option>
<name>download_crr_states</name>
<value></value>
</option>
<option>
<name>download_csr_states</name>
<value></value>
</option>
<option>
<name>download_mail_states</name>
<value></value>
</option>
<option>
<name>upload_crr_states</name>
<value></value>
</option>
<option>
<name>upload_csr_states</name>
<value></value>
</option>
-->
<!-- 1. the node acts as CA only -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crr_states</name>
<value>ARCHIVED DELETED APPROVED</value>
</option>
<option>
<name>enroll_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>enroll_mail_states</name>
<value>CRINS DEFAULT</value>
</option>
<option>
<name>receive_crr_states</name>
<value>APPROVED</value>
</option>
<option>
<name>receive_csr_states</name>
<value>APPROVED</value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>download_certificate_states</name>
<value></value>
</option>
<option>
<name>download_crl_states</name>
<value></value>
</option>
<option>
<name>download_crr_states</name>
<value></value>
</option>
<option>
<name>download_csr_states</name>
<value></value>
</option>
<option>
<name>download_mail_states</name>
<value></value>
</option>
<option>
<name>upload_crr_states</name>
<value></value>
</option>
<option>
<name>upload_csr_states</name>
<value></value>
</option>
-->
<!-- 2. the node acts as RA only -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crr_states</name>
<value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value>
</option>
<option>
<name>enroll_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value>PENDING NEW</value>
</option>
<option>
<name>receive_csr_states</name>
<value>PENDING RENEW NEW</value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crr_states</name>
<value>ARCHIVED DELETED APPROVED</value>
</option>
<option>
<name>download_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>download_mail_states</name>
<value>CRINS DEFAULT</value>
</option>
<option>
<name>upload_crr_states</name>
<value>APPROVED</value>
</option>
<option>
<name>upload_csr_states</name>
<value>APPROVED</value>
</option>
-->
<!-- 3. the node acts as public/scep only -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_crl_states</name>
<value></value>
</option>
<option>
<name>enroll_crr_states</name>
<value></value>
</option>
<option>
<name>enroll_csr_states</name>
<value></value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value></value>
</option>
<option>
<name>receive_csr_states</name>
<value></value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crr_states</name>
<value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value>
</option>
<option>
<name>download_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>download_mail_states</name>
<value>CRINS DEFAULT</value>
</option>
<option>
<name>upload_crr_states</name>
<value>NEW</value>
</option>
<option>
<name>upload_csr_states</name>
<value>RENEW NEW</value>
</option>
-->
<!-- 4. the node acts as LDAP only -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_crl_states</name>
<value></value>
</option>
<option>
<name>enroll_crr_states</name>
<value></value>
</option>
<option>
<name>enroll_csr_states</name>
<value></value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value></value>
</option>
<option>
<name>receive_csr_states</name>
<value></value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crr_states</name>
<value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value>
</option>
<option>
<name>download_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>download_mail_states</name>
<value></value>
</option>
<option>
<name>upload_crr_states</name>
<value></value>
</option>
<option>
<name>upload_csr_states</name>
<value></value>
</option>
-->
<!-- 5. the node acts as public/scep and RA -->
<option>
<name>enroll_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_crl_states</name>
<value></value>
</option>
<option>
<name>enroll_crr_states</name>
<value></value>
</option>
<option>
<name>enroll_csr_states</name>
<value></value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value></value>
</option>
<option>
<name>receive_csr_states</name>
<value></value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crr_states</name>
<value>ARCHIVED DELETED APPROVED</value>
</option>
<option>
<name>download_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>download_mail_states</name>
<value>CRINS DEFAULT</value>
</option>
<option>
<name>upload_crr_states</name>
<value>APPROVED</value>
</option>
<option>
<name>upload_csr_states</name>
<value>APPROVED</value>
</option>
<!-- 6. the node acts as RA and CA -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crr_states</name>
<value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value>
</option>
<option>
<name>enroll_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value>PENDING NEW</value>
</option>
<option>
<name>receive_csr_states</name>
<value>PENDING RENEW NEW</value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>download_certificate_states</name>
<value></value>
</option>
<option>
<name>download_crl_states</name>
<value></value>
</option>
<option>
<name>download_crr_states</name>
<value></value>
</option>
<option>
<name>download_csr_states</name>
<value></value>
</option>
<option>
<name>download_mail_states</name>
<value></value>
</option>
<option>
<name>upload_crr_states</name>
<value></value>
</option>
<option>
<name>upload_csr_states</name>
<value></value>
</option>
-->
</software_config>
</openca>
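The attached config.xml can be checked mechanically before it is installed or shared. The following is an added example, not part of the original message or of OpenCA: it parses a file of this shape and reports password options that hold a value, option names defined more than once (which happens when two of the numbered dataexchange templates are left uncommented), and module IDs that do not fit the range the module_shift comment describes. The function names, the finding labels and the secret-name suffixes are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the shape of the config.xml above; all values are placeholders.
SAMPLE = """<openca><software_config>
<option><name>ldaprootpwd</name><value>CHANGE-ME</value></option>
<option><name>db_passwd</name><value>CHANGE-ME</value></option>
<option><name>SCEP_RA_PASSWD</name><value></value></option>
<option><name>module_shift</name><value>8</value></option>
<option><name>ra_module_id</name><value>1</value></option>
<option><name>pub_module_id</name><value>32</value></option>
<option><name>scep_module_id</name><value>300</value></option>
<option><name>ra_module_id</name><value>1</value></option>
<!-- <option><name>upload_csr_states</name><value>NEW</value></option> -->
<option><name>upload_csr_states</name><value>APPROVED</value></option>
</software_config></openca>"""

SECRET_SUFFIXES = ("pwd", "passwd")  # assumption: naming pattern seen in this file


def load_options(xml_text):
    """Return (name, value) for every active <option>; XML comments are dropped by the parser."""
    root = ET.fromstring(xml_text)
    return [((o.findtext("name") or "").strip(), (o.findtext("value") or "").strip())
            for o in root.iter("option")]


def audit(xml_text):
    """Return a sorted list of (check, option_name) findings."""
    pairs = load_options(xml_text)
    opts = dict(pairs)  # last definition wins, used for the module-ID checks
    findings = set()

    # 1. Secrets stored in clear text inside the file.
    for name, value in pairs:
        if name.lower().endswith(SECRET_SUFFIXES) and value:
            findings.add(("cleartext-secret", name))

    # 2. The same option active twice, e.g. two dataexchange templates uncommented.
    for name, count in Counter(n for n, _ in pairs).items():
        if count > 1:
            findings.add(("duplicate-option", name))

    # 3. Module IDs must fit in module_shift bits; 0 is reserved for the CA.
    limit = 1 << int(opts.get("module_shift", "8"))  # default of 8 is an assumption
    used = {}
    for name, value in opts.items():
        if not name.endswith("_module_id"):
            continue
        if not value.isdigit() or not 0 < int(value) < limit:
            findings.add(("module-id-out-of-range", name))
        elif int(value) in used:
            findings.add(("module-id-collision", name))
        else:
            used[int(value)] = name
    return sorted(findings)


if __name__ == "__main__":
    for check, name in audit(SAMPLE):
        print(f"{check}: {name}")
```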
