Hi ListUsers,
at the moment I'm a little confused about ca- and ra-master
certificates, cause till now I only knew M$-CA's. As far as I understood
OpenCA the RA works just like the M$-issuing-ca. And the CA itself works
like the M$-root-ca.
I use the last stable 0.9.2.4 on two machines: CA / RA-LDAP-Pub
This is what I expected. You generate a self-signed root-ca certificate
and install it on the root-ca. Then you create a ra-request on the ra and
let the ca sign it. From now on the ra can sign all kinds of requests
coming from anywhere. This is how M$ ticks.
In OpenCA you also have a self-signed ca-certificate. And additionally
you have a ca-operator (who is only allowed to operate the ca when
identified by his certificate). So far ok. I created both when I
installed my ca on the first machine. But I did also create a ra-master
certificate without knowing what to use it for.
Ok. Then I installed the ra on my second machine, exported the config on
the ca, imported it on the ra and created my first requests from the
outside.
But when I wanted to sign these requests on the ra, it was not possible,
because there was no certificate for signing. So I had to upload the
requests to the ca, the ca signed them, I downloaded them back to the ra and
the certificates were issued. Fine ... but complicated.
So I had the hope to be able to export my previously generated
ra-operator certificate and import it into my browser, so that I can
operate the ra using this certificate and sign all the incoming requests
on the ra.
Is that possible at all?
I was looking for the certificate of the ra-operator, went to the ca
itself, chose "Initialization"->"Create initial RA-certificate"->"Handle
the certificate". But what I found then was not the ra-operator
certificate, but the last Email-certificate that was issued by the ra!!!
And I did not mix up the templates for sure. What is going on here?
Am I totally wrong or is this a bug?
Thx in advance
Jan Roesner
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users