On Wed, 2005-05-25 at 09:11 +0200, Oliver Welter wrote: > Hi Benjamin, > > eplies I read, that above error can result in an wrong > > dataexchange-config? I did not change that, so I have configguration 0. > > I did that because comments said that it would make (only) sense for an > > all in one box configuration. And I exaclty have that? > > Is there another way how I have to configure dataexchange with RA,CA,PUB > > on one single box? > > So you mix up something - if you use a "all on one box" config with > dataexchaneg scheme 0 you MUST use same database and sam filesystem for > ca/ra and dont need dataexchange/node interface at all. Alas, we found that did not quite work. Theoretically one does not need a node however, common.conf seems to only be happy if it is linked to node.conf. openca_start fails if the link points to anything else (at least, I think that was the problem we had). > If you have different databases/filesystems you have to configure > dataexchange as it where two hosts. > > So I asume that you have the later one and that will not work ;) > Simply change the dataexchange sections and it will run (hopefully= > > Oliver Benjamin, We just spent weeks working through all this. We compiled roughly 25 pages of documentation about setting up an all-in-one root CA/RA and then separate sub CAs/RAs using scp for data exchange. We also put together a couple of pages to explain the whole node concept to our engineers. If it would be helpful, I can send it to you although it is based upon Fedora Core 3.
It may also not be entirely accurate as we are not experts but it worked for us. If this documentation would be helpful to the project, you are welcome to it - just let me know where to send it - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 [EMAIL PROTECTED] If you would like to participate in the development of an open source enterprise class network security management system, please visit http://iscs.sourceforge.net ------------------------------------------------------- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
