openca Wed, 21 Dec 2005 13:25:17 -0800

>>> Answers / Comments (now from home)

You need to ensure you have not built OpenCA with OpenSSL 0.97d
>>> Answer: Suse 10.0 have a higher Version I think ist was 0.97e or 0.97f
(not 0.98)


You need to explicitly ./configure (with the directives you passed to  
toplevel configure) /make/make install in the src/scep directory -  
make install_online, make install_offline does not build SCEP correctly.
>>> Answer: I have make a "make install scep"

You need to generate a new RA cert or use the RA cert generated as  
part of the OpenCA initialisation process. 
>>> Answer: I make Phase I,II,III and Create a CA Operator, RA Operator
and then from CA: export to a lower....
and then from RA: import from higher....


You need to place a copy  
of this cert and it's key somewhere convenient that the web server  
user has read access to, and point the config.xml SCEP RA Cert  and  
Key  urls to it.
>>> Answer:
I think you meen this:
             <name>SCEP_RA_CERT</name>
             <value>/.../scep_cert.pem</value>
         </option>
         <option>
             <name>SCEP_RA_KEY</name>
             <value>/.../scep_pkey.pem</value>
         </option>
         <option>
             <name>SCEP_RA_PASSWD</name>
             <value>1234567890</value>
Can you explain here the single steps, how can I create 
or get or who I find the files if they still exists because of Phase II or
Phase III ?


You need to ensure your RA cert does not have a passphrase on it  
(though you still need to put a bogus passphrase in config.xml).

you need to run configure_etc.sh after editing config.xml entries,  
and then restart OpenCA.
>>>Answer: OK - thats clear


Hopefully future releases of OpenCA will simplify this, as I imagine  
a lot of people want to use OpenCA solely as a CA for supporting  
Cisco VPNs.
>>>Answer: I agree to you

Regards Herbert

-- 
GMX DSL-Flatrate 1 Jahr kostenlos* + WLAN-Router ab 0,- Euro*
Bis 31.12.2005 einsteigen! Infos unter: http://www.gmx.net/de/go/dsl


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to