Ok, let's suppose you have the online and offline nodes on the same machine.

First add the attached "genCRL" file to the PATH/lib/cmds directory.
The code is very simple and is cut&pasted from other code in the
OpenCA source files ;-)

Modify the file PATH/etc/rbac/acl.xml and add these lines:

<permission>
        <module>.*</module>
        <role>.*</role>
        <operation>CRL generation operation</operation>
        <owner>.*</owner>
</permission>

Add the file cmsGenCRL.xml in the PATH/etc/rbac/cmds directory.

Add to the common.conf file in the PATH/etc/servers directory the following
variables, if not defined (I don't remember all names, sorry):

crlValidity     30
CMSupdateLDAPautomaticCRL "yes"
LDAP_CRL_Issuer "CN=crl,O=Test CA,C=IT"

(change LDAP_CRL_Issuer CN if you plan to use LDAP)

Change the /etc/crontab file with this line

42 4 1 * * root wget -t 0 -O /var/log/crl.txt -w 10 http://localhost/cgi-bin/ca/ca?operation=GenCRL

In /var/log/crl.txt you'll always find a log of the last execution.

P.S. Hope it works; I've adapted the code on the fly for the M.L.
I have some doubts about the module in which you put the new command: for
me it is named "cms" and I've added it as a new module to the CA, but I
think you can also use it in the "ca" module (so the URL for wget was
originally with cms instead of ca).


On 1/16/07, Matthias Alsmann <[EMAIL PROTECTED]> wrote:
Hi together,

@ Diego:
Thanks, that would be nice if you could support me with your source
code and some explanation. Your trick sounds very interesting.


--
Diego

Attachment: genCRL
Description: Binary data

<openca>
    <command_config>
        <command>
            <name>cmsGenCRL</name>
            <operation>CRL generation operation</operation>
            <owner_method></owner_method>
            <owner_argument></owner_argument>
        </command>
    </command_config>
</openca>
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
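
Added example, not part of Diego's message or of the OpenCA code: a check of the settings above, assuming crlValidity is counted in days and that each CRL's nextUpdate is its generation time plus crlValidity. It lists the windows in which the monthly cron job (42 4 1 * *) leaves the published CRL expired before the next one is generated.

```python
from datetime import datetime, timedelta

CRL_VALIDITY_DAYS = 30                        # crlValidity from common.conf (assumed: days)
CRON_DAY, CRON_HOUR, CRON_MINUTE = 1, 4, 42   # "42 4 1 * *" from /etc/crontab


def cron_runs(year):
    """Times the monthly job fires in `year`, plus the first run of the next year."""
    runs = [datetime(year, m, CRON_DAY, CRON_HOUR, CRON_MINUTE) for m in range(1, 13)]
    runs.append(datetime(year + 1, 1, CRON_DAY, CRON_HOUR, CRON_MINUTE))
    return runs


def expiry_gaps(year, validity_days=CRL_VALIDITY_DAYS):
    """Return (expired_at, replaced_at) windows in which the last CRL is stale."""
    validity = timedelta(days=validity_days)
    runs = cron_runs(year)
    gaps = []
    for issued, next_issue in zip(runs, runs[1:]):
        next_update = issued + validity       # assumed nextUpdate of this CRL
        if next_update < next_issue:          # CRL expires before the next run
            gaps.append((next_update, next_issue))
    return gaps


def min_safe_validity(year):
    """Smallest whole-day validity that leaves no gap for this schedule."""
    runs = cron_runs(year)
    longest = max(b - a for a, b in zip(runs, runs[1:]))
    return longest.days + (1 if longest.seconds else 0)


if __name__ == "__main__":
    for expired, replaced in expiry_gaps(2007):
        print(f"CRL expired {expired:%Y-%m-%d %H:%M}, replaced {replaced:%Y-%m-%d %H:%M}")
    print("minimum gap-free crlValidity:", min_safe_validity(2007), "days")
```

For 2007 it reports seven one-day windows, one after each 31-day month. A crlValidity comfortably above 31 days, or a more frequent cron schedule, closes them and leaves margin for a failed run.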