Benjamin Henne wrote:
Hi.
Hello,
I was working with openca und the ocspd packaged with the sources of the
last stable release 0.9.2.2 of openca. I was wondering about the fact,
that I can't configure http als source of CRL until I looked at the
sources. I had to use file://
You should have looked at the man pages (man ocspd.conf), anyway the http://
is still experimental and it is only supported by the 1.0.3 release. I will
tag the release ASAP... anyway it is already available for download.
The ocspd in the openca-package is an older version which does not
support http?
Yes, this is my fault... anyway the new release of ocspd is newer than the
last release of the whole openca package.
I now wanted to try to use the ocspd 1.0.3 from the website. When I now
use the old configuration with this newer ocspd (nothing chaged, still
using file:// etc.) I always get an "unknwon" state for an ocsp request.
If I use http as source ther eis no http request.
Do you have any idea, what could cause this?
This is probably because the CA certificate is not properly loaded. It is
a matter of certificates configuration, I guess. Without further details it
is quite difficult to answer...
Btw, what do I have to setup as db-file (index.txt)? This should be an
empty file? Or the index.txt generated by openca. I figured out, that it
makes no difference, what I configure as "db"?
This is an old option that I forgot to remove in early 1.0.x versions. In
the latest one you can remove it from the configuration file (in the older
versions it was an unused options, btw it was required because of an error
in the configuration loading procedure).
The db, now, is a per-CA specific. This means that you have to setup the
dbms section where there is the list of the CAs the responder will respond
for. Each entry in this section refers to a specific section of the single
CA. The example configuration file should provide some help.
If you provide more details about the used configuration I can be more
precise...
--
C'you,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
Tel.: +39 (0)59 270 094
http://www.openca.org Fax: +39 178 270 2077
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
University of Modena and Reggio Emilia
Certification Authority Informations:
Authority Access Point http://pki.unimo.it
Authority's Certificate: http://pki.unimo.it/ca/issuers.html
Certificate Revocation List: http://pki.unimo.it/crl/cacrl.crl
--o------------------------------------------------------------------------
-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
