On Fri, Jan 23, 2004 at 08:44:07PM +0100, johnny gonzalez wrote: > From: johnny gonzalez <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [Openca-Users] Aprove and Sign a Certificate > Reply-To: [EMAIL PROTECTED] > Date: Fri, 23 Jan 2004 20:44:07 +0100 (CET) > > Hello, I have some operational questions. I'd like > someone to tell me if I'm wrong in one or several > steps in the entire proccess. > > As I know this is the entire proccess:
There was a nice howto at http://openca.results-security.de/ In the 1st phase you create your CA certificate, which you'll use to sign requests. In the 2nd phase, according to howto, you create certificate for approving and signing request (this is how I understand it. it could be wrong :) This certificate you have to import to your web browser. In the 3rd phase, you create certificate for the web server of the RA interface. you must have ssl apache module installed. > > First Initialize the CA using the 3 Initialization > phases. > > 1. Initialize the Certification Authority > 1.1 Initialize database > 1.2 Generate new CA Secret Key > 1.3 Generate certificate request for the CA > 1.4 Sign the generated CA certificate > 1.4.1 Autosign (using our CA) > 1.4.2 Using another CA > 1.5 Rebuild the CA Chain > 1.6 Export the Configuration > 2. Create the initial administrator (this concerns > . the CA, right?) > 2.1 Create a new request > 2.2 Modify the request > 2.3 Issue the certificate > 2.4 Handle the certificate > 3. Create the Initial RA Certificate > 3.1 Create a new request > 3.2 Edit the request > 3.3 Modify the request > 3.4 Handle the request > > As I understand, all this steps should be done ONLY > once, is it right? > > Once all this Initialization phases are completed, the > RA receives all incomming requests, right?? > > What should I do to make available the RA to sign > requests? Do I have to import the RA certificate to > the apache's web server or something?? > > My question is because when in the RA, I try to Aprove > And Sign a Request, but the button doesn't do > anything. I think the browser isn't the problem > because I'm using Mozilla WamCom and Netscape 7.0. WamCom should work. Have you imported initial administrator's cert to the browser? > > What do you think? What do you recommend to me?? > > Thanks a lot for your valuable help, > johnny -- Alexei Chetroi ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
