Thanks Dalini for the detailed response. I have not succeeded yet in enrolling successfully via SCEP. I am beginning to wonder if it is because of a flaw in my setup process. I have a RA / CA combination running on the same machine. My basic building process is:
1) ./configure options
   make
   make install-online
   make install-ca
2) setting dataexchange to 6 (the node acts as RA and CA)
   ./configure_etc.sh
   ./openca_start
3) Initialization:
   a) Initialize Database
   b) Generate new CA secret key
   c) Generate new CA certificate request
   d) Self signed CA certificate
   e) Rebuild CA Chain
   f) Export Configuration --> to floppy
Could someone clarify what the steps should be from here, to initialize a CA and an RA operator when both CA and RA are running on the same machine?
When I attempt to retrieve the CA certificate, I only get one. In most examples that I read in this list, there are two certificates that are delivered to the sscep client.
ah, ok - i see where the problem is situated ;o) it's all perfect and fine so far with your steps
but you have to do some more things
a) use the init-procedure at the ca for creating an ra-cert
b) export this too
c) save it as openssl - you can do this via the ra-interface; save one file for the key and one for the cert, just like you would do an apache-ssl
d) put the files somewhere
e) put the path including the filename into the scep-part of config.xml
f) rerun ./configure_etc.sh and ./openca_rc restart
then it should work ;o)
actually - for testing it should also be possible to set the scep cert and key path to the one for the ca - but it should be readable by the apache then... and to skip the ra stuff... but i haven't checked this configuration
greetings dalini
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
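A pre-flight check for the exported RA certificate and key files from steps c) to e) of the reply, before their paths go into the scep part of config.xml. This is an added example, not part of the original thread and not OpenCA code; the function name, return codes and file paths are assumptions, and it relies only on the standard openssl command line.

```shell
#!/bin/sh
# Added example (not from the thread): verify that an exported PEM
# certificate and private key belong together and that the key file
# is not readable by every local account.
#
# Hypothetical usage, run as the account the web server runs under:
#   check_scep_pair /path/to/ra-cert.pem /path/to/ra-key.pem
#
# Return codes (chosen for this example):
#   0 ok             1 file missing or unreadable
#   2 cert unparsable 3 key unparsable (or passphrase-protected)
#   4 key does not match cert   5 key is world-readable
check_scep_pair() {
    cert=$1
    key=$2

    # Both files must be readable by whoever runs this check.
    [ -r "$cert" ] && [ -r "$key" ] || return 1

    # Public key as embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2

    # Public key derived from the private key. An empty passphrase is
    # supplied so an encrypted key is reported instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 3

    # Same SubjectPublicKeyInfo on both sides means the pair matches.
    [ "$cert_pub" = "$key_pub" ] || return 4

    # The web server account needs read access; "other" does not.
    if [ -n "$(find "$key" -prune -perm -0004 2>/dev/null)" ]; then
        return 5
    fi
    return 0
}
```

A return code of 1 when run as the web server account means that account cannot read the files; code 5 means the key should be restricted to that account (for example with chown and chmod 600) rather than left readable by all users.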
