I am using 0.9.1-7 and all was going well until I reached the step of importing the CA config during the RA initialization. I've pasted the results below. The cannot load CA-certificate is the error. My OpenLDAP is up and running and has a database with rootdn/pw that I've validated using an independent ldap client.
Is there an LDIF that I am suppose to import or LDAP entries I am to create before OpenCA will work with an LDAP database? What instructions have a missed?
Usually no one. OpenCA can operate on a complete empty OpenLDAP. The server must only be configured.
I went to the OpenCA ldap screens and poked around and got other error messages like "There is no special DN specified.". What's that mean?
This is no errormessage. It is only a hint that you operate in a full standard compliant way. Some people store CRLs etc. in special LDAP nodes which has nothing to do with the subject of the CA-certificate.
Here's the text of the Import Configuration done during the RA initialization. Any help is greatly appreciated.
Test the archive ...
/bin/tar -tvf /dev/fd0
Importing archive ...
Load required variables ...
Changing to directory /usr/local/openca/ra/var/tmp/tmp_11823 ...
Running the import command(s) ...
/bin/tar -xvf /dev/fd0 -C /usr/local/openca/ra/var/tmp/tmp_11823
Importing the RBAC-configuration ... Ok.
LDAP-support is activated
Automatic LDAP-update is activated
Do you already imported the CA-certifcate during a former run of an import command?
Importing CA-Certificates into ldap ...
Cannot load CA-certificate
This means that the function LDAP_get_ca in ldap-utils.lib cannot find a CA certificate in your database. There are two options now to find the problem:
1. Go to ldap-utils.lib and set the the variable $DEBUG in the function LDAP_get_ca to 1. After this you should see more informations what's going on.
2. Please check that the CA-certificate is in the database. If you use a SQL database then you can simply look into the table ca-certificate. If you use DBM-files then please use the RA interface and check the CA-certificates.
Make CA-Certificate available on the server ...OK.
Re-Building CA Chain ... Ok.
Clean up ...Ok.
p.s. Is there another 0.9.1 guide other than the OpenCA-guide-belldoc.pdf ? This is the manual that I am reading carefully every word.
No, I'm sorry.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
