> (Excuse my English, but I'm not an English-speaking person)
>
> Hope anyone can help me or point to any sources. I must
> install a three-level CA, as explained in Microsoft Windows
> 2000 Server documentation (Root CA, intermediate CA and Final
> CA), but I'm not confident with Microsoft software, but I
> need a more flexible solution and I believe OpenCA can offer
> this to me.
>
> Needless to say, it must be a nearly production-level setup:
> security must be the *main* priority.
>
> Installation instructions are... very poor, confusing
> sometimes. I'm following the Gentoo bootcd
> (http://www.tzi.de/~lippold/openca/) instructions, the OpenCA
> Guide and the /docs/howto/darthmouth.txt howto, but I don't
> understand some things:
>
> + Why install the RA first and the CA later? I can't find
>   anything about this.

You can install whichever you want first; just be sure that, as a last step, you export the configuration from the CA to the RA.

> + The darthmouth setup makes the installation in two
>   directories (openra and openca) while the Gentoo one makes
>   all in one (OpenCA). Which is best? Why?

Do what you like...

> + Would there be any problem if I use Apache 2.0.54 instead of
>   Apache 1.3? Which is best?

apache2 is better in general, but do as you like...

> + I'm playing with Linux virtual servers (vserver), so, in
>   theory, I can set up each one of the three levels on the
>   same machine (physically). Is this OK?

Yes.

> Later I'll move them to physically separate servers.
>
> + How can I install this three-level CA? I don't want a
>   detailed explanation, I need only some pointers.

For security you need an offline CA and/or a hardware token, so I suggest you get 2 physical machines: one offline as CA and one online as pub/RA. You can install all 3 CAs on one machine, for example:

ca1.example.com
ca2.example.com
ca3.example.com

Regards
Til
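What the three levels look like at the certificate layer, as an added example that is not part of the original thread and uses plain OpenSSL rather than OpenCA's own tooling: each CA carries a path-length constraint, so a fourth CA level issued under ca3 fails verification. The CA names reuse ca1/ca2/ca3.example.com from the reply; the www, host and ca4 names, key sizes and lifetimes are constructed assumptions.

```shell
# Added example: constructed names/lifetimes, plain OpenSSL (an assumption, not OpenCA).
# issue NAME PARENT SECTION: new key + CSR for NAME, signed with PARENT's key
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config ext.cnf -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
        -extfile ext.cnf -extensions "$3" -days 365 -out "$1.crt" 2>/dev/null
}

# build_hierarchy DIR: root -> intermediate -> issuing CA, plus test certificates
build_hierarchy() (
    cd "$1" || exit 1
    cat > ext.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = Common Name
[root]
basicConstraints = critical,CA:TRUE,pathlen:2
keyUsage = critical,keyCertSign,cRLSign
[mid]
basicConstraints = critical,CA:TRUE,pathlen:1
keyUsage = critical,keyCertSign,cRLSign
[issuing]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = critical,CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config ext.cnf -extensions root -days 3650 \
        -subj "/CN=ca1.example.com" -keyout ca1.example.com.key -out ca1.example.com.crt 2>/dev/null &&
    issue ca2.example.com ca1.example.com mid &&
    issue ca3.example.com ca2.example.com issuing &&
    issue www.example.com ca3.example.com leaf &&
    issue ca4.example.com ca3.example.com issuing &&   # unplanned fourth CA level
    issue host.example.com ca4.example.com leaf
)

# chain_ok DIR LEAF CA...: verify LEAF against root ca1 using the listed intermediates
chain_ok() (
    cd "$1" || exit 1; leaf=$2; shift 2
    for ca in "$@"; do cat "$ca.crt"; done > chain.pem
    openssl verify -CAfile ca1.example.com.crt -untrusted chain.pem "$leaf.crt" 2>&1 |
        grep -q ': OK$'
)

work=$(mktemp -d) && build_hierarchy "$work" || exit 1
chain_ok "$work" www.example.com ca2.example.com ca3.example.com && echo "www via ca3: OK"
chain_ok "$work" host.example.com ca2.example.com ca3.example.com ca4.example.com || echo "host via ca4: rejected"
```

In a real deployment only the ca1 key would be generated and kept on the offline machine or hardware token; everything is created in one scratch directory here purely to show the constraints.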
