Michael Bell wrote:
Nuno Miguel Neves wrote:
1- The central RA can also have requests and approvals in his own DB, right? From a user point of view, it's just like any of the others, right?
Yes.
2 - When I configure the dataexchange, using scp, I must copy seven tar files (openca-1.tar, openca-2.tar,...) , one from each minor RA. How do I write the script to read all seven files? And how do I know what to export for each of them?
First the dataexchange with the different RAs works allways the same way.
minor RA.x: upload data to openca.tar at the major RA major RA: receive data via openca.tar from a minor RA
These two steps must be performed for every RA seperately. First you exchange the data with RA.1, then with the RA.2 and so on. They all use the same target file. The major RA imports allways one minor RA upload.
The enrollment from the major RA to the minor RAs works similar like the upload. The major RA performs on export and then every minor RA uses scp to copy the export file to it's local disk.
But the major RA only creates one file. Then, all minor RA know what is meant for them, right?
So, the idea is (if I understand it correctly):
I go to a "minor" RA and do an upload data to a higher level. Then I go to the major RA and do a Receive data from a lower level. Then I go to another minor RA and so on.
Afterwards, I do an upload data to a higher level on the major RA (which transfers everything to the CA), issue certificates,etc. and then do a download data from a higher level of the hierarchy on the major RA. Then Enroll data to a lower level on the major RA and finally a download fata from a higher level on all minor RAs.
The minor RAs access the major RA with scp
Is this correct?
Thanks,
PS - Is there anyway to remove some Export/Import commands from the ra_node ( i.e the CA does not need the download or upload from a higher level and the minor RAs do not need the enroll and receive from lower level)?
If you don't like to access the major RA from the minor RAs then you must put all the stuff in the import command on the major RA. This includes merging the different tar files.
Michael
--
[EMAIL PROTECTED] Dept. Informatica, Fac. Ciencias,
|\ | |\ | Tel: +351 21 7500528 Univ. Lisboa, Bloco C5, Campo Grande
| \|uno | \|eves Fax: +351 21 7500084 1700 Lisboa, Portugal
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
