Common information on both installations, computers A & B

------------------------------------------------

OpenCA Version  : 0.9.2.4
Perl Version    : perl-5.8.5-16.RHEL4
OpenSSL Version : openssl-0.9.7a-43.4
Operating System: CentOS 4
DB Type: MySQL  :  4.1.12-3

------------------------------------------------
 
Problem Description:

FIRST PHASE:
In a first installation on computer 'A', AKA 'CA':
./configure --with-openssl-prefix=/usr/share/ssl --with-language=es_ES --with-openca-user=xxx --with-openca-group=xxx --with-module-prefix=/var/ca/modules --with-openca-prefix=/var/ca/data --with-etc-prefix=/var/ca/etc --with-lib-prefix=/var/ca/lib --with-var-prefix=/var/ca/var --with-web-host=xxx.xxx.es --with-httpd-user=xxxx --with-httpd-group=xxx --with-httpd-fs-prefix=/var/www --with-cgi-fs-prefix=/var/www/cgi-bin --with-htdocs-fs-prefix=/var/www/html
 
make install-ca;make install-node;make install-ra;make install-common;make install-ldap;make install-pub;make install-scep;make install-doc

Next, the whole PKI was initialized, the files config.xml and /etc/servers/*.conf were configured to make it LDAP - DC compatible, and other misc stuff.

CA and RA databases reside in different tables in the same database.

After that I was able to issue one CSR on computer 'A', sign the CSR in the RA and issue the certificate in the CA, export it to LDAP and retrieve it.

SECOND PHASE:
In a second phase OpenCA was installed on computer 'B', AKA 'RA':

./configure --with-openssl-prefix=/usr/share/ssl --with-language=es_ES --with-openca-user=xxx --with-openca-group=xxx --with-module-prefix=/var/ca/modules --with-openca-prefix=/var/ca/data --with-etc-prefix=/var/ca/etc --with-lib-prefix=/var/ca/lib --with-var-prefix=/var/ca/var --with-web-host=xxx.xxx.es --with-httpd-user=xxx --with-httpd-group=xxx --with-httpd-fs-prefix=/var/www --with-cgi-fs-prefix=/var/www/cgi-bin --with-htdocs-fs-prefix=/var/www/html

# make install-online;  make install-doc

All the same tasks as on computer 'A' were performed.

THE PROBLEM:

I had enrolled 'ALL' using the CA node's dataexchange with a floppy disk; all the messages are OK. Then in the RA node's dataexchange I try to download, and although the displayed message says that everything is OK, nothing is transferred: no CA certificates, no CRLs, nothing.

I had tried the reverse, issuing a CSR in the RA and approving it without signing (because there is no RA certificate; the CA certificate was copied directly by hand to the crypto directory to avoid Error 700), with the same result: no CSR exported to the CA.

Also I had reassigned different ModuleIDs to node, pub, ra and ldap on the RA server.

I had been reading a lot of the list messages before posting this one, and the closest to my case is this one from M.A. Darche:

http://www.mail-archive.com/[email protected]/msg06880.html

in the antepenultimate reply it says:

So I did edit the file openca/etc/config.xml for both the CA and RA servers and have de-commented respectively the configuration parts "1. the node acts as CA only" and "2. the node acts as RA only".

I took a look at this file in my installations and this is what I have on both machines:

        <!--   0. no dataexchange configure - the default                
            <option>
              <name>enroll_ca_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_certificate_states</name>
              <value></value>
            </option>
            .....

Nothing is commented 8-(, till the end of the file, worse, in the whole file; or, as I wonder, is everything between these lines commented?
        <!--   0. no dataexchange configure - the default  

                -->

The questions then are:

1.- What is the way to assign ModuleIDs to the new RA?
2.- How must the config.xml lines be decommented, by deleting <!-- ... -->?
3.- What is the whole procedure list to set up the new RA correctly? (I mean initialize DB, rebuild chain, etc.)
4.- Is it necessary to touch something in the CA (roles, etc.) so that it knows about the existence of a new RA? If I assign a new ModuleID to the RA, where is it declared in the CA?
5.- What is the procedure in this scenario to make the data exchange work in both directions?

Any comment would be very much appreciated. Thanks in advance.

Regards, Javier.
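Added note, not part of Javier's message or of the OpenCA project: whether "everything between these lines is commented" is settled by XML comment syntax, and a parser shows it directly. The snippet below uses a constructed config.xml-like fragment that reuses the option names quoted above; the root element name <openca>, the placeholder values and the helper functions are assumptions made for illustration. An XML parser discards everything between `<!--` and `-->`, so options inside such a block are never read, whatever the messages on screen say; the helper re-enables one numbered block by shrinking its comment to the label line only, which is the mechanical meaning of "de-commenting" a block.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment modelled on the quoted config.xml excerpt.
# Both numbered blocks are wrapped in XML comments, so neither is active.
# Values in block 1 are placeholders, not real OpenCA states.
SAMPLE_CONFIG = """<openca>
  <!--   0. no dataexchange configure - the default
    <option>
      <name>enroll_ca_certificate_states</name>
      <value></value>
    </option>
    <option>
      <name>enroll_certificate_states</name>
      <value></value>
    </option>
  -->
  <!--   1. the node acts as CA only
    <option>
      <name>enroll_ca_certificate_states</name>
      <value>placeholder_state_a</value>
    </option>
    <option>
      <name>enroll_certificate_states</name>
      <value>placeholder_state_b</value>
    </option>
  -->
</openca>
"""

# Non-greedy match over a whole <!-- ... --> block, newlines included.
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)


def is_well_formed(xml_text):
    """True if the document parses; a missing --> makes it False."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def active_options(xml_text):
    """Return {name: value} for every <option> the parser actually sees.

    Options inside a comment block are invisible to the parser, which is
    exactly why a fully commented dataexchange section behaves as if the
    section were empty.
    """
    root = ET.fromstring(xml_text)
    return {
        opt.findtext("name", "").strip(): (opt.findtext("value") or "").strip()
        for opt in root.iter("option")
    }


def comment_block_labels(xml_text):
    """First non-blank line of each comment block, e.g. '1. the node acts as CA only'."""
    labels = []
    for m in COMMENT_RE.finditer(xml_text):
        first = next((ln.strip() for ln in m.group(1).splitlines() if ln.strip()), "")
        labels.append(first)
    return labels


def uncomment_block(xml_text, label_prefix):
    """Activate the block whose label starts with label_prefix.

    The block's label stays as a one-line comment; the <option> elements that
    followed it are moved outside the comment so the parser now reads them.
    Blocks with other labels are returned unchanged.
    """
    def repl(m):
        lines = m.group(1).splitlines()
        idx = next((i for i, ln in enumerate(lines) if ln.strip()), None)
        if idx is None or not lines[idx].strip().startswith(label_prefix):
            return m.group(0)
        label = lines[idx].strip()
        body = "\n".join(lines[idx + 1:])
        return f"<!-- {label} -->\n{body}"

    return COMMENT_RE.sub(repl, xml_text)


if __name__ == "__main__":
    print("blocks present :", comment_block_labels(SAMPLE_CONFIG))
    print("active before  :", active_options(SAMPLE_CONFIG))
    enabled = uncomment_block(SAMPLE_CONFIG, "1.")
    print("active after   :", active_options(enabled))
```

Running the block prints the two block labels, an empty dict for the untouched fragment (nothing is active while both blocks are commented), and the two options from block 1 once that block has been de-commented.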