Re: [Openca-Users] SSCEP segmentation fault upon enroll

[Nilgiris BlueMountain]

Thanks Dalini. You've been a big help. I did receive two certs from the 
server when I performed "getca" from sscep. Moreover, there is no 
segmentation fault when I try to enroll. As expected, it polls forever 
waiting for the request to be approved. When I attempt to "Approve and sign 
the request", a message box pops up "Testing for SecCLAB Plugin", followed 
by another popup window that says "Using integrated Javascript object 
crypto". Upon dismissing these two windows, nothing happens to the actual 
request and is still listed as "Waiting for Approval". Is this a known issue 
or would it be caused by a misinformed setup process :) ?

Thanks
NB


From: dalini <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Openca-Users] SSCEP segmentation fault upon enroll
Date: Tue, 02 Mar 2004 00:28:52 +0100
Nilgiris BlueMountain wrote:
Thanks Dalini for the detailed response. I have not succeeded yet in 
enrolling successfully via SCEP. I am beginning to wonder if it is because 
of a flaw in my setup process. I have a RA / CA combination running on the 
same machine. My basic building process is:

1)
./configure options
make
make install-online
make install-ca
2)
setting dataexchange to 6 (the node acts as RA and CA)
./configure_etc.sh
./openca_start
3)
Initialization:
 a) Initialize Database
 b) Generate new CA secret key
 c) Generate new CA certificate request
 d) Self signed CA certificate
 e) Rebuild CA Chain
 f) Export Configuration --> to floppy
Could someone clarify what the steps should be from here, to initialize a 
CA and an RA operator when both CA and RA are running on the same machine.

When I attempt to retrieve the CA certificate, I only get one. In most 
examples that I read in this list, there are two certificates that are 
delivered to the sscep client.

ah, ok - i see where the problem is situated ;o)
its all perfect and fine so far with your steps
but u have to do some more things
a) use the init-procedure at the ca for creating an ra-cert
b) export this too
c) save it as openssl - you can do this via the ra-interface
   save one file for the key and one for the cert, just like
   u would do an apache-ssl
d) put the files somewhere
e) put the path including the filename into the scep-part of config.xml
f) rerun ./configure_etc.sh and ./openca_rc restart
than it should work ;o)

actually - for testing it should also be possible to set the scep cert and 
key path to the one for the ca - but it should be readable by the
apache then... and to skip the ra stuff... but i havn't checked this
configuration

greetings
dalini
-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
_________________________________________________________________
Learn how to help protect your privacy and prevent fraud online at Tech 
Hacks & Scams. http://special.msn.com/msnbc/techsafety.armx



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users