Hello Johnny

> Hello Pierre,
> 
> I'm not one of the top OpenCA users, but I will try to
> answer your questions having in mind what I have
> experienced.
> 
> > 1.
> > I encounter the following problem with the pub
> > interface which is quite
> > annoying because I want this interface to be as neat
> > as possible:
> > using the General/Logout function, I always got the
> > following message:
> >     "Erreur 6291049
> > 
> >     General Error Loading command name: There is a
> > problem with the XML
> > cache
> >     (Client: The answer for the following message
> > signals an error.
> >     /usr/local/openra921/openca/etc/rbac/cmds/.xml
> >     command_config/command/name"
> > 
> > It seems like it searches a command whose name is ''
> > (i.e. void). I have
> > no idea on this one.
> AFAIK, this functionality is not ready in OpenCA, yet.

What I meant is that when I click on 'Logout' under the General menu it
does not work and sends me the error listed above.
Are you telling me that this simple thing is not supposed to work?!
Did you experience the same problem? Is it only Debian related?

> > 2.
> > I noticed that when OpenCA generated a certificate
> > and the key-pair
> > going along with it (for a Basic Request for
> > example), on the pub
> > interface, choosing such a certificate from the
> > Certificates/Valid menu,
> > the following 2 options are listed :
> > - Change Passphrase
> > - Remove Key Phrase from database
> 
> I guess these options are available only when you are
> using the same browser used to request a specific
> certificate, so if you requested a certificate using a
> specific browser with a specific system user, "you and
> only you" know the PIN used for the master password of
> the browser, so you can make changes in the keys used
> to request a certificate.

It seems that it is not browser-related: if I send a request from IE, it
is possible to change the passphrase in Konqueror for example once the
certificate is available from the pub interface (as long as you know the
original passphrase, of course)

> > 
> > Now, it is a question of choice :
> > - Should the user be able to change the key
> > passphrase from the public
> > interface (he has to know the current passphrase to
> > do so)? (I don't
> > know)
> I guess so, see above. But our experts could refuse my
> interpretation of the problem :-)

Why not, as long as you need to know the original passphrase to set up a
new passphrase. (hoping the passphrase is not 1234567890 or something
like that ;)

Concerning the 'Remove key from database' function, at least the Access
Control Lists should not allow this from the pub interface (default
configuration). And I think it should not be displayed on the pub
interface but only on the RA interface, except if I missed something
(which is possible). Anyone?

Regards,
Pierre



_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users