I think you can disregard this last email. I followed the process through and generated the keys and certs for the RA properly. Hmm, here's another question though, I'm quite interested in submitting additions to the OpenCA documentation. Who manages the docs at the moment?
On Wed, 2004-07-14 at 09:54, Damon Smith wrote: > Aah, ok. > > As you might expect, if the RA doesn't have a certificate at all, the > "approve request" option doesn't do anything, and that's where I got > stuck. The "approve request without signing" option still works fine > though. > > Here's my problem; I would have thought that the RA could generate it's > own csr, the CA could sign that and accept it as a valid cert to receive > requests from, and then everything could be encrypted between the two > quite easily, but it seems to work differently. > As you said, the CA generates an RA cert in the CA init process. That > is then exported to the RA. But how can the RA or the RA webserver use > that certificate if they don't have the private key for it? It doesn't > seem to make any sense to me. I must be missing something. > > Thanks for your help, > > Damon > > On Tue, 2004-07-13 at 20:56, Ives Steglich wrote: > > Damon Smith wrote: > > > > > machine, but it's unclear from the documentation how to go about > > > generating a certificate for the RA. > > > > there is an initialization interface - there you can - beside init the > > ca, create the first certs for ra and operators > > > > > Am I supposed to generate a certificate on the CA, and use dataexchange > > > to transfer it to the RA, then do something on the RA to make it the > > > RA's certificate? > > > > to make it the 'ras' certificate, you have to export it as mod_ssl and > > configure your apache to use it... so https gets enabled - thats what > > the ra-cert is used for > > > > second you can enable x509-auth - so the operators have to have an valid > > certificate to login to restriced areas like ra, node and ldap interafaces > > > > > I have exported the CA cert to the RA, and that works well, but I can't > > > seem to approve requests on the RA and send them to the CA yet. > > > > > can you describe this a bit more in detail? > > what exactly doesn'T work, aprove with signing or just aproving and so on > > > > greetings > > dalini > > > > > > ------------------------------------------------------- > This SF.Net email sponsored by Black Hat Briefings & Training. > Attend Black Hat Briefings & Training, Las Vegas July 24-29 - > digital self defense, top technical experts, no vendor pitches, > unmatched networking opportunities. Visit www.blackhat.com > _______________________________________________ > Openca-Users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-users > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-users ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
