Hi my friends,
I'm installing openca-0.9.2.2 on Fedora Core 5 with the following steps:
yum install httpd mod_ssl perl-URI perl-XML-Twig perl-XML-SAX perl-DBD-Pg \
    postgresql postgresql-server postgresql-libs postgresql-pl
Create the openca user and group:
groupadd openca
useradd -g openca -u 1201 openca
Create a /download directory:
mkdir /download
Download the openca-0.9.2.2.tar.gz tarball from http://www.openca.org or from
some other source into /download/
Untar the tarball
tar zvxf openca-0.9.2.2.tar.gz
Configure PostgreSQL:
Start the PostgreSQL service with service postgresql start to initialize the
database.
su to the postgres user, create the openca database, go into psql, create the
openca user and assign its password, change the postgres user password:
su - postgres
createdb openca
psql openca
create user openca with password '<the password>';
alter user postgres with password '<the password>';
\q
exit
Edit the postgresql.conf file to allow tcpip connections (/var/lib/pgsql/data/)
(tcpip_socket=true) --------------------------------------> I can't add this
command into postgresql.conf
Edit the pg_hba.conf file (/var/lib/pgsql/data/) so that the access control
section looks like this:
local all postgres md5
host openca openca 127.0.0.1 255.255.255.255 md5
local openca openca md5
local all all ident sameuser
Restart the postgresql service so that the changes take effect
As a user other than openca, attempt to open the openca database in psql as
openca in order to ensure that the security is configured properly:
psql -U openca openca
The above command should succeed.
Configure httpd:
Edit /etc/httpd/conf/httpd.conf as follows:
ServerName <THE SERVER'S HOSTNAME>:80
DocumentRoot "/usr/local/OpenCA/www/htdocs"
<Directory "/usr/local/OpenCA/www/htdocs">
ScriptAlias /cgi-bin/ "/usr/local/OpenCA/www/cgi-bin/"
<Directory "/usr/local/OpenCA/www/cgi-bin">
Edit /etc/httpd/conf.d/ssl.conf by adding the following line to the SSL Global
Context section:
SSLOptions +StdEnvVars +ExportCertData
-------------------------------------------------------------------> It's not
clear
httpd may not start yet as the DocumentRoot directory may not yet be created
Root CA:
The root CA will be a safely stored, non-networked device. Its sole use is to
create subCA certificates. As such, it will need an RA and public interface on
the same device. Thus, data exchange can happen on the local disk subsystem.
Install interfaces
Since all interfaces will share the same database, no node interface is
necessary. We will install the CA, RA and Public interfaces.
Change to the openca source root directory (e.g., /download/openca-0.9.2.2).
./configure --with-openca-user=openca --with-openca-group=openca \
    --with-web-host=$(hostname) --with-httpd-user=apache --with-httpd-group=apache \
    --with-httpd-fs-prefix=/usr/local/OpenCA/www \
    --with-module-prefix=/usr/local/OpenCA/perlmods
make
(make test will probably fail in 0.9.2.2 - we have been told this is not a
problem.)
make install-ca && make install-ra && make install-pub
!!!********* OOPS !!! Apparently this won't work. Even though this root RA does
not need a node, there is a reference in the code to a file supplied by the
node target. Otherwise openca_start fails with an error:
Configuration error: Missing Configuration Keyword : CgiCmdsPath
because etc/servers/common.conf MUST point to node.conf.
Thus we must do:
make install-online && make install-ca
Change to the /usr/local/OpenCA/etc directory and edit config.xml as follows:
General options section
<option>
<name>ca_organization</name>
<value>MyOrganization</value>
</option>
<option>
<name>ca_locality</name>
<value></value>
</option>
<option>
<!--
please enter the ISO country code here
DE, IT, PL, UK, US ...
this country code is ALWAYS two characters long
-->
<name>ca_country</name>
<value>US</value>
</option>
<option>
<name>sendmail</name>
<value>/usr/lib/sendmail -n -t </value>
</option>
<option>
<name>send_mail_automatic</name>
<value>no</value>
</option>
<option>
<name>service_mail_account</name>
<value>[EMAIL PROTECTED]</value> <!-- adapt this to the proper e-mail account -
it is a required field -->
</option>
Database configuration section
<option>
<name>dbmodule</name>
<!-- you can use DB or DBI -->
<value>DBI</value>
</option>
<option>
<name>db_type</name>
<value>Pg</value>
</option>
<option>
<name>db_name</name>
<value>openca</value>
</option>
<option>
<name>db_host</name>
<value>localhost</value>
</option>
<option>
<name>db_port</name>
<value>5432</value>
</option>
<option>
<name>db_user</name>
<value>openca</value>
</option>
<option>
<name>db_passwd</name>
<value><THE PASSWORD VALUE></value>
</option>
Module configuration
<option>
<name>module_shift</name>
<!-- 8 bits are enough for IDs from 0 to 255 -->
<!-- please remember that 0 is the ID of the CA -->
<value>13</value>
</option>
Dataexchange configuration (at the very end)
<!-- these are the devices for the default dataexchange -->
<option>
<name>dataexchange_device_up</name>
<value>/usr/local/OpenCA/var/tmp/openca-tar</value>
</option>
<option>
<name>dataexchange_device_down</name>
<value>/usr/local/OpenCA/var/tmp/openca-tar</value>
</option>
<option>
<name>dataexchange_device_local</name>
<value>/usr/local/OpenCA/var/tmp/openca-tar</value>
</option>
Run /usr/local/OpenCA/etc/configure_etc.sh
---------------------------> But after I open the web browser and press:
https://127.0.0.1/ca --> authorize with three tables and after the metal of
browser bring to https://127.0.0.1//cgi-bin/ca/ca?cmd=getStaticPage&name=index,
but there's nothing in my web page. Its colour is white. (^_^).
I read the log file in /var/log/httpd/ssl_error ----> and I see the error
permission denied:exec of /usr/local/OpenCA/www/cgi-bin/ca/ca Failed.
But when I press http://127.0.0.1/ca ---> after that there's a notice in my web
page
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator,
[EMAIL PROTECTED] and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
<p>More information about this error may be available
in the server error log.</p>
<hr>
<address>Apache/2.2.2 (Fedora) Server at 192.168.1.5 Port 80</address>
</body></html>
Please help me, my friends!!!! I asked all my friends in the IT department and
nobody knows ...
Happy new year..
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
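
Added example, not part of the original post or of OpenCA: one way to narrow down the "permission denied: exec of /usr/local/OpenCA/www/cgi-bin/ca/ca" log entry is to walk each component of that path and report the first one whose mode bits deny execute/search to the httpd user. The function names are hypothetical, and the script assumes GNU stat and looks at owner/group/other mode bits only.

```shell
#!/bin/sh
# Added example (not from the original post). Reports the first component of
# an absolute path that a given uid/gid cannot traverse (directory) or execute
# (final file), judged by owner/group/other mode bits only.
# Assumptions: GNU stat (stat -c) as on Fedora; an unprivileged uid;
# supplementary groups, ACLs and SELinux policy are not examined.

# has_x MODE OWNER_UID OWNER_GID UID GID: true if the applicable x bit is set
has_x() {
    mode=$(( 0$1 ))                                  # "755" -> octal 0755
    if   [ "$4" -eq "$2" ]; then bit=$(( 0100 ))     # owner class
    elif [ "$5" -eq "$3" ]; then bit=$(( 0010 ))     # group class
    else                         bit=$(( 0001 ))     # other class
    fi
    [ $(( mode & bit )) -ne 0 ]
}

# first_blocked PATH UID GID: prints "<component> <mode>" and returns 1 at the
# first component lacking the x bit; prints nothing and returns 0 otherwise.
first_blocked() {
    rest=${1#/}; uid=$2; gid=$3; cur=""
    while [ -n "$rest" ]; do
        part=${rest%%/*}                             # next path component
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -n "$part" ] || continue                   # skip empty ("//") parts
        cur="$cur/$part"
        set -- $(stat -c '%a %u %g' "$cur" 2>/dev/null)
        if [ $# -ne 3 ]; then echo "$cur unreadable"; return 1; fi
        if ! has_x "$1" "$2" "$3" "$uid" "$gid"; then
            echo "$cur $1"; return 1
        fi
    done
    return 0
}

# Example call with the path and httpd user named in the post:
#   sh check_path.sh /usr/local/OpenCA/www/cgi-bin/ca/ca \
#       "$(id -u apache)" "$(id -g apache)"
if [ $# -eq 3 ]; then first_blocked "$@"; fi
```

An empty result means the mode bits allow the exec, so the denial comes from a control this script does not inspect.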