Re: [Openca-Users] Install OpenCA

Wed, 05 Apr 2006 13:11:05 -0700 

Hi Asier,

Asier Baranguán wrote:
Installation instructions are... very poor, confusing sometimes. I'm following the gentoo bootcd (http://www.tzi.de/~lippold/openca/) 

Nice to hear that someone is interested in what I did ;)


+ ¿Why install first the RA and later the CA? I can't find anything 
about this.



Actually, my installation guide does not include a RA setup. I did this 
in a chroot environment, if you are interested, I shall have a guide to 
it somewhere...



+ The darthmouth setup makes the installation in two directories (openra 
and openca) while the gentoo one makes all in one (OpenCA) ¿which is the 
best? ¿why?



Well, my (publicly available) installation was _only_ a CA, no RA part 
is included. The idea behind my setup is to have the CA on a 
unmodifiable medium (e.g. CD-ROM), so that attackers cannot permanently 
change it. My setup is intended for a clean boot on any machine (we 
thought of a Laptop that may have second uses and is sometimes used as a 
CA). The RA has to reside on a different machine that is connected to 
the Internet. There it runs in a chroot environment, so it can easily be 
moved to a different machine and is distribution independent (well, 
inside the chroot lives a Gentoo, my preferred Linux, but the "outside" 
Linux doesn't matter any more).



+ Would be any problem if I use Apache 2.0.54 instead Apache 1.3? Which 
is the best?



In my experience, it is a bit more configuration with apache 2, but in 
the end I liked apache 2 better. Probably it doesn't make a big difference.



+ I'm playing with linux virtual servers (vserver), so, in theory, I can 
setup each one of the three leves in the same machine (phisically) ¿is 
this OK? Later i'll move them to physically separate servers.



Just make sure that each apache listens on a different port. Another 
method is to install each one in a separate chroot, then you can tar 
them away and move to a different machine, as long as you stay with 
Linux kernel.


Greetings,

Georg


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users






















					Reply via email to