Re: [Openca-Users] Bug in RA when

Mon, 21 Mar 2005 04:58:05 -0800

Ives Steglich a �crit : 
M.-A. DARCHE wrote:

Ives Steglich a �crit : 


I think that my CA was well configured. I did the CA cert generation
without any problem. The export seemed also to went well. I did the
following:

Dataexchange -> Enroll data to a lower level of the hierarchy -> Configuration

now, we have the problem ;)
configuration doesn't export the ca-certs and crls (i think)
you should use ALL


It seems logical of course! :-)

My error is that I was following the following recommandations
that can be found in docs/howto/wallus.txt:

Export Configuration from CA
----------------------------
Put in a freshly formatted floppy,
make shure that wwwrun has access to /dev/fd0 (chown wwwrun /dev/fd0).
Open within the browser
http://ca.intern.results-hannover.de/ca_node
-> Dataexchange -> Enroll data to a lower level of the hierarchy -> Configuration


Maybe this file should be corrected/updated or is it about another
setting process and I get confused.


This part went definitely fine. I'm sure that nothing wrong happened
here. The tar export was fine and readable and the import went well. I
did the following:

Server init -> Import Configuration

now i think it doesn't worked out all like expected since:

openca/var/crypto/cacerts:
total 0
drwxr-s--- 2 www-data www-data 312 Mar 21 12:55 .
drwxr-s--- 8 www-data www-data 280 Mar 21 12:46 ..
lrwxrwxrwx 1 root www-data 10 Mar 21 12:46 bp_cert.pem -> cacert.pem
lrwxrwxrwx 1 root www-data 10 Mar 21 12:46 cacert.cer -> cacert.der
lrwxrwxrwx 1 root www-data 10 Mar 21 12:46 cacert.crt -> cacert.pem
-rw-r--r-- 1 www-data www-data 0 Mar 21 12:55 cacert.der
-rw-r--r-- 1 www-data www-data 0 Mar 21 12:55 cacert.pem
-rw-r--r-- 1 www-data www-data 0 Mar 21 12:55 cacert.txt 


now - i personly think - the cacerts should have more then 0 bytes ;)
so i guess - we are close to solve this issue...


Yes, I just spoted it too as your email arrived!


try exporting ALL at the ca and import ALL at ra
i think this may solve the issue


I'm doing it right now and will report to the list ASAP.


Thanks again for the great support.

--
Marc-Aur�le DARCHE
NUXEO (Paris, France)                     http://nuxeo.com/
Nuxeo Collaborative Portal Server (CPS)   http://www.cps-project.org/
Gestion de contenu web / portail collaboratif / logiciel libre



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to