Hi.
I am trying OpenCA v. 0.9.2-RC4
I have succesfully completed the CA installation and configuration, but when I try to access the RA or PUB modules using HTTPS, I get:
Error Aborting connection - you are using a too short symmetric keylength ().*
*General Error. 6251043.
When I try to access them with HTTP, I get something about using a wrong protocol (http)
I have search the list archives, but could not find any information on this (and the FAQ entry does not really help me out).
in etc/access-control you have a ra.xml and a pub.xml, which define the access to the interfaces.
You 'll find something like this:
<channel>
<type>mod_ssl</type>
<protocol>ssl</protocol>
<source>.*</source>
<asymmetric_cipher>.*</asymmetric_cipher>
<asymmetric_keylength>0</asymmetric_keylength>
<symmetric_cipher>.*</symmetric_cipher>
<symmetric_keylength>128</symmetric_keylength>
</channel>The "<type>"-Element says, that your are you using
mod_ssl in your apache.
The <protocol> says, you must using https to access this interface.
If you want to use http, change it to "<protocol>.*</protocol>", which
should match any protocol. Don't forget to change the <symmetric_keylength>128</symmetric_keylength> to
<symmetric_keylength>0</symmetric_keylength>, so that the access-control will accept any keylength >=0.
But with this configuration, you have no SSL(no encryption). Use at your own risk.
If you want to use SSL (recommended), you have to tell your mod_ssl
to export some envrionment variables, because openca gets the information about the keylength etc. via those environment variables.
To configure mod_ssl in the apache configuration, just add these SSL-Options
SSLOptions +StdEnvVars +ExportCertData
in your httpd.conf.
Best regards Michael -- Dipl.-Inform. Michael Konietzka Schlund + Partner AG
------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
