Nilgiris BlueMountain wrote:
Thanks Dalini. You've been a big help. I did receive two certs from the server when I performed "getca" from sscep. Moreover, there is no segmentation fault when I try to enroll. As expected, it polls forever waiting for the request to be approved. When I attempt to "Approve and sign the request", a message box pops up "Testing for SecCLAB Plugin", followed by another popup window that says "Using integrated Javascript object crypto". Upon dismissing these two windows, nothing happens to the actual request and it is still listed as "Waiting for Approval". Is this a known issue or would it be caused by a misinformed setup process :) ?

this is a known issue ;o) to circumvent it, you should use the button "approve without sign"; this should be fine for the testing phase...

mozilla/firefox and derivatives aren't able to handle formsign through their own javascript crypto object so far - there is some work under way, but it is still not really usable... but there is another way to go:

if you need or want to use signed approvals (which is a good idea in general) you have to do the following steps:
a) create an ra-operator certificate, either through the init-steps at the ca or through the normal process; make sure to approve without signing ;o)
b) install the secclab-plugin for mozilla/netscape, whatever you are running: http://secclab.mozdev.org - make sure to use the right plugin; if you are running a gcc3 version, go to the install page, you will find it there - at the download page it is missing ;o)
c) restart mozilla
d) install the ra-operator certificate


now you should be able to sign the approval when approving, so it is possible to verify at the ca who has approved this request...

now it is also possible to switch from normal login for critical components to cert-based ones... you have to change this in config etc/servers... an example is in the config files - very simple


you don't have to make any changes at apache to get this running, since the formsigning process will be used and openca itself will do the necessary checks, so it would work with and without ssl/tls connections (but like signing requests, it would be a good idea to use https for the ra and so on, if the operator works remotely...)


greetings
dalini

