Ok, I sorted out my roles problems. (thanks to a previous posting: Subject: [OpenCA-Devel] Access to CSRs with no corresponding role impossible)
So it all seems to work ok. I'm going to configure it to have exactly the same openssl config for users who generate requests through globus, or through the public interface. BTW, I tested various server cert requests, and submitted a bug on sourceforge. Damon On Wed, 2004-08-04 at 14:46, Damon Smith wrote: > Hi again, one of the issues I mentioned below is trivial; if a pkcs#10 > certificate request has plain text in the file before the > ----BEGIN CERTIFICATE REQUEST----- > line, then it just goes to a blank screen instead of coming up with an > error. > > On Wed, 2004-08-04 at 13:12, Damon Smith wrote: > > Hi all, > > > > Is it possible to add extra roles in 0.9.2-RC5? I'm using openCA for > > globus security. (All requests are generated by the globus client.) > > > > Here's what I wanted to do: > > Set up two extra request groups: > > Grid Hosts, Grid Users > > > > Set up the same two extra roles: > > Grid Host, Grid User > > > > So I tried doing it like this: > > added the roles to: > > $openca_dir/etc/rbac/roles.xml > > > > Created new files (based on existing ones) > > $openca_dir/etc/openssl/openssl/Grid_Host.cnf > > $openca_dir/etc/openssl/openssl/Grid_User.cnf > > $openca_dir/etc/openssl/extfiles/Grid_Host.cnf > > $openca_dir/etc/openssl/extfiles/Grid_User.cnf > > > > I have a few problems here. > > If I try and do a basic request with a role of user, it works fine. > > If I try it with a role of Grid User I get this: > > > > General Error. The compilation of the command cmdViewCSR failed. Can't > > use an undefined value as a HASH reference at > > /usr/local/openca-0.9.2/lib/servers/node/functions/crypto-utils.lib line > > 1003. > > > > If I try to generate a host cert request in globus and then use that > > with server request in openca, I fill out the details, and then get a > > blank screen. > > > > Can anyone help me out, or point me in the direction of some > > documentation on customizing roles? > > > > Thanks, > > > > Damon Smith > > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by OSTG. Have you noticed the changes on > > Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > > one more big change to announce. We are now OSTG- Open Source Technology > > Group. Come see the changes on the new OSTG site. www.ostg.com > > _______________________________________________ > > Openca-Users mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/openca-users > > he new OSTG site. www.ostg.com > > _______________________________________________ > > Openca-Users mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/openca-users > > > > ------------------------------------------------------- > This SF.Net email is sponsored by OSTG. Have you noticed the changes on > Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > one more big change to announce. We are now OSTG- Open Source Technology > Group. Come see the changes on the new OSTG site. www.ostg.com > _______________________________________________ > Openca-Users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-users > G- Open Source Technology > Group. Come see the changes on the new OSTG site. www.ostg.com > _______________________________________________ > Openca-Users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-users ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
