Francois Pernet wrote:
> Hi everyone,
Hello,
> Sorry to bother you with basic question but I succeded in implementing an
> all-in one
[...]
> Before to go I would like if anyone of you has some clues for the following :
> - how
> exactly are talking the RA's operators nodes and the RA Node (protocol,...) ?
> How
The RA Operator uses the HTTP protocol and can be (usually it is) required to be
authenticated by using its own certificate to the webserver. Take a look at the
access control configuration for each of the interfaces you plan to install on
the
RA. For example to set the options for the RA, you should look at the:
INSTALLDIR/etc/access_control/ra.xml.template
(and remember that if you change that configuration, you should use the
configure_etc.sh
script)
> database synchro is done ?
The Dataexchange module takes care about importing/exporting data to/from the
different nodes.
> - experience in apache2 install versus apache 1.3 ? - what
I would suggest you to use apache2, so far no problems have been experienced
under apache2.
> could be the advantage to set up a SubCA ? Can it be done later on ?
Of course it can be done later on. Just issue a certificate for your SubCA and
make an installation for managing the new CA (SubCA). Unfortunately our software
does not support directly multiple CAs on the same installation, you should
perform a new installation (in a different directory) for your subCA.
Anyway I *strongly* suggest you to plan your infrastructure in advance and
then take each piece of the PKI and ask yourself if it is *really* needed.
The simplest the PKI will be, the lower the management efforts will be!
So, follow the usual principle "Keep it Simple"...
--- Max
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
