Well... what helped me in the same situation was to STRICTLY keep those two versions apart. That means: different "--prefix", "--with-openca-prefix", "--with-module-prefix" and "--with-httpd-fs-prefix". What surprised me was that you could use the same "--with-web-host", but I guess that was just me... :)
Regards T.o.Michael
Michael Konietzka wrote:
Hello,
I am new to OpenCA and want to "setup two management interfaces on one server", as described in openca-0.9.2-RC3/docs/guide/html_chunked/ch03s04.html#id2885425
My installation history.
First the online-Part:
rossi> ./configure --prefix=/home/openca/ --with-openssl-prefix=/usr/local/ssl/ --with-openca-user=openca --with-openca-group=users --with-httpd-user=nobody --with-httpd-group=nobody
rossi> make; make install-online;
rossi> cd ~openca/OpenCA/etc/
rossi> joe config.xml
rossi> cd ~openca/OpenCA/
rossi> chmod 000 etc/servers/*.conf*
Now the offline part:
rossi> cd ~openca/openca-0.9.2-RC3/
rossi> ./configure --prefix=/home/openca/ --with-openssl-prefix=/usr/local/ssl/ --with-openca-user=openca --with-openca-group=users --with-httpd-user=nobody --with-httpd-group=nobody
rossi> make
rossi> make install-offline
rossi> cd ~openca/OpenCA/etc/
rossi> joe config.xml
Notice: config.xml is not changed, see Attachment.
All works fine until I want to edit etc/configure_etc.sh. It is not clear how to change etc/configure_etc.sh.
In my configure_etc.sh I found:
for DIRECTORY in /home/openca//OpenCA/etc /home/openca//OpenCA/lib /home/openca//apache/htdocs/ca /home/openca//apache/htdocs/ra /home/openca//apache/htdoc
do
but in the documentation it is said there "should" be directories like
/Test/OpenCA/etc/
/Test/OpenCA/lib/servers/ca_node
/Test/OpenCA/lib/servers/ca
/Test/htdocs/ca
/Test/htdocs/ca_node
I have no ca_node.
What went wrong, if anything?
Bye Michael
------------------------------------------------------------------------
<openca>
<software_config>
<!--
########################################################
USAGE WARNING
########################################################

If you change this file then you must change all files in etc which
have the suffix .template. Please do this with the script
openca-configure.

Example:
    template: servers/ca.conf.template
    openca-configure config.xml servers/ca.conf.template servers/ca.conf

If you don't do this then you have an inconsistent OpenCA
installation. So this warning is serious.

You can update all templates with a simple bash script.
configure_etc.sh is such a script and demonstrates the usage of
openca-configure.

2003-Mar-12, Michael Bell <[EMAIL PROTECTED]>
-->
<prefix>@</prefix>
<suffix>@</suffix>
<!-- =========== -->
<!-- HSM support -->
<!-- =========== -->
<option> <name>openssl_engine</name> <value></value> </option>
<option> <name>hsm_utility</name> <value></value> </option>
<option> <name>hsm_slot</name> <value></value> </option>
<option> <name>appid</name> <value></value> </option>
<!-- =============== -->
<!-- general options -->
<!-- =============== -->
<option> <name>default_language</name> <value>de</value> </option>
<option> <name>default_charset</name> <value>iso-8859-1</value> </option>
<option> <name>ca_organization</name> <value>Schlund</value> </option>
<option> <name>ca_locality</name> <value>Karlsruhe</value> </option>
<option> <name>ca_country</name> <value>Germany</value> </option>
<option> <name>sendmail</name> <value>/usr/lib/sendmail -n -t </value> </option>
<option> <name>send_mail_automatic</name> <value>no</value> </option>
<option> <name>service_mail_account</name> <value>[EMAIL PROTECTED]</value> </option>
<option> <name>policy_link</name> <value>https://rossi.ue.schlund.de/pub/policy.html</value> </option>
<!-- ======================== -->
<!-- web server configuration -->
<!-- ======================== -->
<option> <name>httpd_protocol</name> <value>https</value> </option>
<option> <name>httpd_host</name> <value>rossi.ue.schlund.de</value> </option>
<option>
<!-- please include the colon if you specify a port -->
<!-- please remember this is dependent on httpd_protocol -->
<name>httpd_port</name>
<value>:443</value>
</option>
<option>
<name>menu_logo_left</name>
<value>
<!-- Here you can put references to the logo, you can use any html reference you want but please keep in mind that: no <> are allowed, use instead &lt; and &gt; respectively.
example: <img src="https://xyz.org/mylogo.jpg" alt="XYZ Logo"/> -->
</value>
</option>
<option>
<name>menu_logo_right</name>
<a href="__HTDOCS_PREFIX__/thanks.html"> <img src="__HTDOCS_PREFIX__/images/openca-logo.png" alt="OpenCA Logo"/> </a>
<value></value>
</option>
<option>
<!-- You can add more CDPs here. Please enter one CDP per line. This is the content of an OpenSSL configuration section.
Example:
URI.1=http://cdp1.xyz.de/pub/crl/cacrl.crl
URI.2=ldap://cdp2.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE
URI.3=http://cdp2.xyz.de/pub/crl/cacrl.crl
URI.4=ldap://cdp1.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE
-->
<name>CRLDistributionPoints</name>
<value>
URI.1=http://rossi.ue.schlund.de/pub/crl/cacrl.crl
</value>
</option>
<option> <name>NS_CRLDistributionPoint</name> <value>http://rossi.ue.schlund.de/pub/crl/cacrl.crl</value> </option>
<!-- ========================= -->
<!-- ldap server configuration -->
<!-- ========================= -->
<option> <name>ldap_host</name> <value></value> </option>
<option> <name>ldap_port</name> <value>389</value> </option>
<option> <name>ldaproot</name> <value></value> </option>
<option> <name>ldaprootpwd</name> <value></value> </option>
<option> <name>useLDAP</name> <value>no</value> </option>
<option> <name>update_ldap_automatic</name> <value>no</value> </option>
<!-- ====================== -->
<!-- database configuration -->
<!-- ====================== -->
<option> <name>dbmodule</name> <!-- you can use DB or DBI --> <value>DB</value> </option>
<option> <name>db_type</name> <value>Pg</value> </option>
<option> <name>db_name</name> <value>openca</value> </option>
<option> <name>db_host</name> <value>localhost</value> </option>
<option> <name>db_port</name> <value>5432</value> </option>
<option> <name>db_user</name> <value>openca</value> </option>
<option> <name>db_passwd</name> <value></value> </option>
<!-- ==================== -->
<!-- module configuration -->
<!-- ==================== -->
<option>
<name>module_shift</name>
<!-- 8 bits are enough for IDs from 0 to 255 -->
<!-- please remember that 0 is the ID of the CA -->
<value>8</value>
</option>
<option> <name>ra_module_id</name> <value>1</value> </option>
<option> <name>ldap_module_id</name> <value>2</value> </option>
<option> <name>node_module_id</name> <value>3</value> </option>
<option> <name>pub_module_id</name> <value>32</value> </option>
<option> <name>scep_module_id</name> <value>33</value> </option>
<!-- =============================== -->
<!-- configuration of relative paths -->
<!-- =============================== -->
<option> <name>ca_htdocs_url_prefix</name> <value>/ca</value> </option>
<option> <name>ca_cgi_url_prefix</name> <value>/cgi-bin/ca</value> </option>
<option> <name>node_htdocs_url_prefix</name> <value>/node</value> </option>
<option> <name>node_cgi_url_prefix</name> <value>/cgi-bin/node</value> </option>
<option> <name>ra_htdocs_url_prefix</name> <value>/ra</value> </option>
<option> <name>ra_cgi_url_prefix</name> <value>/cgi-bin/ra</value> </option>
<option> <name>ldap_htdocs_url_prefix</name> <value>/ldap</value> </option>
<option> <name>ldap_cgi_url_prefix</name> <value>/cgi-bin/ldap</value> </option>
<option> <name>pub_htdocs_url_prefix</name> <value>/pub</value> </option>
<option> <name>pub_cgi_url_prefix</name> <value>/cgi-bin/pub</value> </option>
<option> <name>scep_cgi_url_prefix</name> <value>/cgi-bin/scep</value> </option>
<!-- =============================== -->
<!-- configuration of absolute paths -->
<!-- =============================== -->
<option> <name>ca_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/ca</value> </option>
<option> <name>ca_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/ca</value> </option>
<option> <name>node_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/node</value> </option>
<option> <name>node_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/node</value> </option>
<option> <name>ra_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/ra</value> </option>
<option> <name>ra_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/ra</value> </option>
<option> <name>ldap_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/ldap</value> </option>
<option> <name>ldap_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/ldap</value> </option>
<option> <name>pub_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/pub</value> </option>
<option> <name>pub_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/pub</value> </option>
<option> <name>scep_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/scep</value> </option>
<!-- ===================== -->
<!-- configuration of SCEP -->
<!-- ===================== -->
<option> <name>SCEP_RA_CERT</name> <value></value> </option>
<option> <name>SCEP_RA_KEY</name> <value></value> </option>
<option> <name>SCEP_RA_PASSWD</name> <value></value> </option>
<!-- ===================== -->
<!-- general configuration -->
<!-- ===================== -->
<option> <name>prefix</name> <value>/home/openca/</value> </option>
<option> <name>etc_prefix</name> <value>/home/openca//OpenCA/etc</value> </option>
<option> <name>lib_prefix</name> <value>/home/openca//OpenCA/lib</value> </option>
<option> <name>var_prefix</name> <value>/home/openca//OpenCA/var</value> </option>
<option> <name>ca_prefix</name> <value>ca</value> </option>
<option> <name>ldap_prefix</name> <value>ldap</value> </option>
<option> <name>node_prefix</name> <value>node</value> </option>
<option> <name>pub_prefix</name> <value>pub</value> </option>
<option> <name>ra_prefix</name> <value>ra</value> </option>
<option> <name>scep_prefix</name> <value>scep</value> </option>
<!-- ========================== -->
<!-- dataexchange configuration -->
<!-- ========================== -->
<!-- there are several templates available today -->
<!-- 0. no dataexchange configure - the default -->
<!-- this makes only sense for an all in one box -->
<!-- it is strongly recommended to use this only for testing -->
<!-- 1. the node acts as CA only -->
<!-- the node exports to one or several RAs only -->
<!-- the node can export to LDAP too -->
<!-- 2. the node acts as RA only -->
<!-- the node exchange data with a CA and public/scep -->
<!-- the node can act as LDAP too -->
<!-- the node can export to LDAP too -->
<!-- 3. the node acts as public/scep only -->
<!-- the node exchange data with a RA -->
<!-- 4. the node acts as LDAP only -->
<!-- the node receives data from CA or RA -->
<!-- 5. the node acts as public/scep and RA -->
<!-- the node exchanges data with a CA only -->
<!-- no support for dataexchange with additional LDAP -->
<!-- 6. the node acts as RA and CA -->
<!-- the node exchange data with public/scep -->
<!-- the node can export to LDAP too -->
<!-- -->
<!-- LDAP is only relevant if it is the only protocol on the node -->
<!-- 0. no dataexchange configure - the default -->
<option> <name>enroll_ca_certificate_states</name> <value></value> </option>
<option> <name>enroll_certificate_states</name> <value></value> </option>
<option> <name>enroll_crl_states</name> <value></value> </option>
<option> <name>enroll_crr_states</name> <value></value> </option>
<option> <name>enroll_csr_states</name> <value></value> </option>
<option> <name>enroll_mail_states</name> <value></value> </option>
<option> <name>receive_crr_states</name> <value></value> </option>
<option> <name>receive_csr_states</name> <value></value> </option>
<option> <name>download_ca_certificate_states</name> <value></value> </option>
<option> <name>download_certificate_states</name> <value></value> </option>
<option> <name>download_crl_states</name> <value></value> </option>
<option> <name>download_crr_states</name> <value></value> </option>
<option> <name>download_csr_states</name> <value></value> </option>
<option> <name>download_mail_states</name> <value></value> </option>
<option> <name>upload_crr_states</name> <value></value> </option>
<option> <name>upload_csr_states</name> <value></value> </option>
<!-- 1. the node acts as CA only -->
<!--
<option> <name>enroll_ca_certificate_states</name> <value>VALID</value> </option>
<option> <name>enroll_certificate_states</name> <value>VALID</value> </option>
<option> <name>enroll_crl_states</name> <value>VALID</value> </option>
<option> <name>enroll_crr_states</name> <value>ARCHIVED DELETED APPROVED</value> </option>
<option> <name>enroll_csr_states</name> <value>ARCHIVED DELETED</value> </option>
<option> <name>enroll_mail_states</name> <value>CRINS DEFAULT</value> </option>
<option> <name>receive_crr_states</name> <value>APPROVED</value> </option>
<option> <name>receive_csr_states</name> <value>APPROVED</value> </option>
<option> <name>download_ca_certificate_states</name> <value></value> </option>
<option> <name>download_certificate_states</name> <value></value> </option>
<option> <name>download_crl_states</name> <value></value> </option>
<option> <name>download_crr_states</name> <value></value> </option>
<option> <name>download_csr_states</name> <value></value> </option>
<option> <name>download_mail_states</name> <value></value> </option>
<option> <name>upload_crr_states</name> <value></value> </option>
<option> <name>upload_csr_states</name> <value></value> </option>
-->
<!-- 2. the node acts as RA only -->
<!--
<option> <name>enroll_ca_certificate_states</name> <value>VALID</value> </option>
<option> <name>enroll_certificate_states</name> <value>VALID</value> </option>
<option> <name>enroll_crl_states</name> <value>VALID</value> </option>
<option> <name>enroll_crr_states</name> <value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value> </option>
<option> <name>enroll_csr_states</name> <value>ARCHIVED DELETED</value> </option>
<option> <name>enroll_mail_states</name> <value></value> </option>
<option> <name>receive_crr_states</name> <value>PENDING NEW</value> </option>
<option> <name>receive_csr_states</name> <value>PENDING RENEW NEW</value> </option>
<option> <name>download_ca_certificate_states</name> <value>VALID</value> </option>
<option> <name>download_certificate_states</name> <value>VALID</value> </option>
<option> <name>download_crl_states</name> <value>VALID</value> </option>
<option> <name>download_crr_states</name> <value>ARCHIVED DELETED APPROVED</value> </option>
<option> <name>download_csr_states</name> <value>ARCHIVED DELETED</value> </option>
<option> <name>download_mail_states</name> <value>CRINS DEFAULT</value> </option>
<option> <name>upload_crr_states</name> <value>APPROVED</value> </option>
<option> <name>upload_csr_states</name> <value>APPROVED</value> </option>
-->
<!-- 3. the node acts as public/scep only -->
<!--
<option> <name>enroll_ca_certificate_states</name> <value></value> </option>
<option> <name>enroll_certificate_states</name> <value></value> </option>
<option> <name>enroll_crl_states</name> <value></value> </option>
<option> <name>enroll_crr_states</name> <value></value> </option>
<option> <name>enroll_csr_states</name> <value></value> </option>
<option> <name>enroll_mail_states</name> <value></value> </option>
<option> <name>receive_crr_states</name> <value></value> </option>
<option> <name>receive_csr_states</name> <value></value> </option>
<option> <name>download_ca_certificate_states</name> <value>VALID</value> </option>
<option> <name>download_certificate_states</name> <value>VALID</value> </option>
<option> <name>download_crl_states</name> <value>VALID</value> </option>
<option> <name>download_crr_states</name> <value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value> </option>
<option> <name>download_csr_states</name> <value>ARCHIVED DELETED</value> </option>
<option> <name>download_mail_states</name> <value>CRINS DEFAULT</value> </option>
<option> <name>upload_crr_states</name> <value>NEW</value> </option>
<option> <name>upload_csr_states</name> <value>RENEW NEW</value> </option>
-->
<!-- 4. the node acts as LDAP only -->
<!--
<option> <name>enroll_ca_certificate_states</name> <value></value> </option>
<option> <name>enroll_certificate_states</name> <value></value> </option>
<option> <name>enroll_crl_states</name> <value></value> </option>
<option> <name>enroll_crr_states</name> <value></value> </option>
<option> <name>enroll_csr_states</name> <value></value> </option>
<option> <name>enroll_mail_states</name> <value></value> </option>
<option> <name>receive_crr_states</name> <value></value> </option>
<option> <name>receive_csr_states</name> <value></value> </option>
<option> <name>download_ca_certificate_states</name> <value>VALID</value> </option>
<option> <name>download_certificate_states</name> <value>VALID</value> </option>
<option> <name>download_crl_states</name> <value>VALID</value> </option>
<option> <name>download_crr_states</name> <value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value> </option>
<option> <name>download_csr_states</name> <value>ARCHIVED DELETED</value> </option>
<option> <name>download_mail_states</name> <value></value> </option>
<option> <name>upload_crr_states</name> <value></value> </option>
<option> <name>upload_csr_states</name> <value></value> </option>
-->
<!-- 5. the node acts as public/scep and RA -->
<!--
<option> <name>enroll_ca_certificate_states</name> <value></value> </option>
<option> <name>enroll_certificate_states</name> <value></value> </option>
<option> <name>enroll_crl_states</name> <value></value> </option>
<option> <name>enroll_crr_states</name> <value></value> </option>
<option> <name>enroll_csr_states</name> <value></value> </option>
<option> <name>enroll_mail_states</name> <value></value> </option>
<option> <name>receive_crr_states</name> <value></value> </option>
<option> <name>receive_csr_states</name> <value></value> </option>
<option> <name>download_ca_certificate_states</name> <value>VALID</value> </option>
<option> <name>download_certificate_states</name> <value>VALID</value> </option>
<option> <name>download_crl_states</name> <value>VALID</value> </option>
<option> <name>download_crr_states</name> <value>ARCHIVED DELETED APPROVED</value> </option>
<option> <name>download_csr_states</name> <value>ARCHIVED DELETED</value> </option>
<option> <name>download_mail_states</name> <value>CRINS DEFAULT</value> </option>
<option> <name>upload_crr_states</name> <value>APPROVED</value> </option>
<option> <name>upload_csr_states</name> <value>APPROVED</value> </option>
-->
<!-- 6. the node acts as RA and CA -->
<!--
<option> <name>enroll_ca_certificate_states</name> <value>VALID</value> </option>
<option> <name>enroll_certificate_states</name> <value>VALID</value> </option>
<option> <name>enroll_crl_states</name> <value>VALID</value> </option>
<option> <name>enroll_crr_states</name> <value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value> </option>
<option> <name>enroll_csr_states</name> <value>ARCHIVED DELETED</value> </option>
<option> <name>enroll_mail_states</name> <value></value> </option>
<option> <name>receive_crr_states</name> <value>PENDING NEW</value> </option>
<option> <name>receive_csr_states</name> <value>PENDING RENEW NEW</value> </option>
<option> <name>download_ca_certificate_states</name> <value></value> </option>
<option> <name>download_certificate_states</name> <value></value> </option>
<option> <name>download_crl_states</name> <value></value> </option>
<option> <name>download_crr_states</name> <value></value> </option>
<option> <name>download_csr_states</name> <value></value> </option>
<option> <name>download_mail_states</name> <value></value> </option>
<option> <name>upload_crr_states</name> <value></value> </option>
<option> <name>upload_csr_states</name> <value></value> </option>
-->
</software_config> </openca>
-- accom GmbH & Co. KG Gruener Weg 100 52070 Aachen
Tel: +49 241 918 5228 Fax: +49 241 918 5299
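One way to check the separation recommended in the reply at the top of this thread, as an added example that is not part of the thread or of OpenCA: it parses two config.xml files in the `<option>` layout of the attachment and lists the filesystem prefixes both installations resolve to. The sample documents are constructed, and the /home/openca-online prefix is a hypothetical second install location.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed config.xml in the layout of the attachment.
OFFLINE_XML = """<openca><software_config>
<option> <name>prefix</name> <value>/home/openca/</value> </option>
<option> <name>etc_prefix</name> <value>/home/openca//OpenCA/etc</value> </option>
<option> <name>lib_prefix</name> <value>/home/openca//OpenCA/lib</value> </option>
<option> <name>ca_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/ca</value> </option>
<option> <name>ca_htdocs_url_prefix</name> <value>/ca</value> </option>
<option> <name>httpd_host</name> <value>rossi.ue.schlund.de</value> </option>
</software_config></openca>"""

# Second install configured with the same --prefix (the situation in the question).
ONLINE_SAME = OFFLINE_XML
# Second install under its own prefix (hypothetical path, as the reply recommends).
ONLINE_SEPARATE = OFFLINE_XML.replace("/home/openca/", "/home/openca-online/")

TOP_LEVEL = {"prefix", "etc_prefix", "lib_prefix", "var_prefix"}


def filesystem_options(xml_text):
    """Return {option name: normalised directory} for filesystem prefixes only.

    URL prefixes such as ca_htdocs_url_prefix also start with "/", so the
    selection is by option name, not by the shape of the value.
    """
    paths = {}
    for option in ET.fromstring(xml_text).iter("option"):
        name = (option.findtext("name") or "").strip()
        value = (option.findtext("value") or "").strip()
        if value and (name in TOP_LEVEL or name.endswith("_fs_prefix")):
            # normpath folds the "//" left by a --prefix with a trailing slash
            paths[name] = posixpath.normpath(value)
    return paths


def shared_directories(config_a, config_b):
    """List (directory, option in A, options in B) for directories used by both."""
    by_path_b = {}
    for name, path in filesystem_options(config_b).items():
        by_path_b.setdefault(path, []).append(name)
    return sorted(
        (path, name, sorted(by_path_b[path]))
        for name, path in filesystem_options(config_a).items()
        if path in by_path_b
    )


if __name__ == "__main__":
    for label, other in (("same prefix", ONLINE_SAME), ("separate prefix", ONLINE_SEPARATE)):
        hits = shared_directories(OFFLINE_XML, other)
        print(f"{label}: {len(hits)} shared directories")
        for path, name_a, names_b in hits:
            print(f"  {path}  ({name_a} / {', '.join(names_b)})")
```

A shared httpd_host is deliberately not reported, matching the observation in the reply that the same "--with-web-host" can be reused.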