Hi all:
I am trying to set up a remote access service to a local network with an Enterasys VPN router. I want to use IPsec for the tunneling and certificates for user authentication.
The VPN router needs the CA to 'speak' SCEP to obtain its own certificate and the CA's certificate. So I need OpenCA with SCEP support and that is why I am using the latest snapshot.
In fact, I guess that the ideal setup would be just one machine which makes certificates for itself, the router and the clients and is accessible to the router via SCEP.
Now my questions.
First of all, do you think this is possible? I am quite a newbie and I am not pretty sure of what I do.
Yes, it's possible.
If I do not want to use the CA for any other kind of service, do I still need two servers (RA and CA)?
Yes, because the CA key should never be online. If you misconfigured your router one time, then you don't know what is with your CA if the key is online.
If using just one machine is possible, should I set it up as a RA or as a CA?
If you have all interfaces on one computer then the hierarchy level is irrelevant. I hope you know what a CA and a RA is.
Michael
--
Michael Bell
ZE Computer- und Medienservice (Computing Centre)
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin
Germany
Email: [EMAIL PROTECTED]
Email (private): [EMAIL PROTECTED]
Tel.: +49 (0)30-2093 2482
Fax: +49 (0)30-2093 2704
http://www.openca.org
