Max, before your fix I had two CA cerficates, then I recreated DB and create a new CA cerficate. Now isn't possible create another certificate, it's correct, isn't?
With another CA Certificate, in my RA (online) I imported the configurations, and show this error. ========================== Importing archive ... Load required variables ... Changing to directory /opt/openca/var/openca/tmp/tmp_16040 ... Running the import command(s) ... /usr/bin/scp [EMAIL PROTECTED]:/tmp/exportando /tmp/exportando Import failed! 256 =========================== I have that remove some file in RA to reimport? Samuel Rios Carvalho On Thu, Oct 23, 2008 at 9:27 PM, Massimiliano Pala <[EMAIL PROTECTED]> wrote: > Hi Guys, > > quick fix for the problem - there was an error in passing the dataType > variable from the viewCert to the send certificate command. I attach the > fix to this email. > > Basically, you shall just copy the new files to: > > PREFIX/lib/openca/cmds > > where PREFIX, in the binaries distros, is '/opt/openca'. > > Let me know if this fixes the CA Certificate retrieval problem... > > Later, > Max > > P.S.: This does not fix the missing-symlinks problem.. :( > > Massimiliano Pala wrote: >> >> Hi Samuel, >> >> it is probably a bug - I can not find a reason why it should not work. >> I'll check on it and send you the results - maybe tomorrow! >> >> Later, >> Max >> >> >> Samuel Rios Carvalho wrote: >>> >>> I installed Openca 1.0.2 and created user´s certificates perfectly. >>> >>> But when I downloaded CA certificate in https://ca/pub didn´t found. >>> So I go to CA, in INFORMATION , CA CERTIFICATES and VALID. Showed me >>> the certificate. I clicked in certificate, more info and show this >>> error: >>> >>> Error Code: 6295020 >>> [initServer:314] Cannot load certificate 2147483647 from the database. >>> >>> So I created other CA Certificate and same error. >>> >>> Any idea? >>> >>> >>> Samuel Rios Carvalho > > -- > > Best Regards, > > Massimiliano Pala > > --o------------------------------------------------------------------------ > Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED] > [EMAIL PROTECTED] > > Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332 > PKI/Trust Laboratory Work Phone: +1 (603) 646-9179 > --o------------------------------------------------------------------------ > > People who think they know everything are a great annoyance to those of us > who do. > -- Isaac Asimov > > ## OpenCA - Command > ## (c) 1998-2001 by Massimiliano Pala and OpenCA Group > ## (c) Copyright 2002-2004 The OpenCA Project > ## > ## File Name: viewCert > ## Brief: Display a certificate > ## Version: $Revision: 1.6 $ > ## Description: Display certificate data > ## Parameters: dataType, key > > ## this script supports the following configurable references > ## > ## INSTALL_CERT > ## LDAP > ## REVOCATION > ## SENDCERT > ## SEND_CERT_KEY > ## VIEW_CSR > ## TOKENHANDLING > ## MAIL > ## SET_PUBLIC_PASSWD > ## DELETE_PUBLIC_PASSWD > > use strict; > > sub cmdViewCert { > > our ( $query, $self ); > > my ($info_list, $cmd_list, $hidden_list, $cmd_panel) = (undef, undef, > undef, undef); > my ($hidden_pos, $info_pos, $cmd_pos) = (0, 0, 0); > > ## Get the Serial Number > my $key = $query->param( 'key' ); > my $dataType = $query->param( 'dataType' ); > my $status; > > my @certDataTypes = ( "VALID_CERTIFICATE", "EXPIRED_CERTIFICATE", > "SUSPENDED_CERTIFICATE", "REVOKED_CERTIFICATE" ); > > if( not $key and ($key != 0)) { > configError( gettext ("Error, missing key!") ); > } > > if ( not $dataType ) { > $dataType = "CERTIFICATE"; > } > > if ( $dataType =~ /^VALID_CERTIFICATE/ ) { > $status = gettext ("Valid"); > } elsif ( $dataType =~ /^EXPIRED_CERTIFICATE/ ) { > $status = gettext("Expired"); > } elsif ( $dataType =~ /^SUSPENDED_CERTIFICATE/ ) { > $status = gettext("Suspended"); > } elsif ( $dataType =~ /^REVOKED_CERTIFICATE/ ) { > $status = gettext("Revoked"); > } elsif ( $dataType =~ /^VALID_CA_CERTIFICATE/ ) { > $status = gettext("Valid"); > } elsif ( $dataType =~ /^EXPIRED_CA_CERTIFICATE/ ) { > $status = gettext("Expired"); > } elsif ( $dataType =~ /^CA_CERTIFICATE/ ) { > ## try to determine the datatype > if ($db->getItem ( DATATYPE => "VALID_CA_CERTIFICATE", KEY => $key )) > { > $dataType = "VALID_CA_CERTIFICATE"; > $status = gettext("Valid"); > } elsif ($db->getItem ( DATATYPE => "EXPIRED_CA_CERTIFICATE", KEY => > $key )) { > $dataType = "EXPIRED_CA_CERTIFICATE"; > $status = gettext("Expired"); > } else { > configError ( gettext ("Cannot determine status of this > CA-Certificate!")); > } > } elsif ( $dataType =~ /^CERTIFICATE/ ) { > ## try to determine the datatype > if ($db->getItem ( DATATYPE => "VALID_CERTIFICATE", KEY => $key )) { > $dataType = "VALID_CERTIFICATE"; > $status = gettext("Valid"); > } elsif ($db->getItem ( DATATYPE => "EXPIRED_CERTIFICATE", KEY => > $key )) { > $dataType = "EXPIRED_CERTIFICATE"; > $status = gettext("Expired"); > } elsif ($db->getItem ( DATATYPE => "SUSPENDED_CERTIFICATE", KEY => > $key )) { > $dataType = "SUSPENDED_CERTIFICATE"; > $status = gettext("Suspended"); > } elsif ($db->getItem ( DATATYPE => "REVOKED_CERTIFICATE", KEY => > $key )) { > $dataType = "REVOKED_CERTIFICATE"; > $status = gettext("Revoked"); > } else { > configError ( gettext ("Cannot determine status of this > Certificate!")); > } > } else { > configError (i18nGettext ("DataType not supported (__DATATYPE__)!", > "__DATATYPE__", $dataType)); > } > > my $cert = $db->getItem( DATATYPE=>$dataType, KEY=>$key ); > > configError( i18nGettext ("Error __ERRNO__, unable to get cert from dB! > (__ERRVAL__)", > "__ERRNO__", $db->errno(), > "__ERRVAL__", $db->errval())) if( not $cert ); > > my $parsedCert = $cert->getParsed(); > > ## build emailaddress string > my $emails = ""; > foreach my $email (@{$parsedCert->{EMAILADDRESSES}}) > { > $emails .= ", " if ($emails); > $emails .= $email; > } > > $hidden_list->{"cmd"} = ""; > $hidden_list->{"GET_PARAMS_CMD"} = ""; > $hidden_list->{"passwd"} = ""; > $hidden_list->{"key"} = $key; > $hidden_list->{"HIDDEN_key"} = $key; > $hidden_list->{"dataType"} = $dataType; > $hidden_list->{"dn"} = $parsedCert->{DN}; > $hidden_list->{"new_dn"} = ""; > $hidden_list->{"name"} = "PUBLIC"; > $hidden_list->{"format"} = ""; > $hidden_list->{"text"} = ""; > $hidden_list->{"signature"} = ""; > > my $tmpIssuer = $parsedCert->{ISSUER}; > my $tmpDN = $parsedCert->{DN}; > my $tmpStatus = $status; > > ## old version - if it can be removed then simply remove it > $tmpIssuer =~ s/[\/,]\s*(?=[A-Za-z0-9\-]+=)/<BR>\n/g; > $tmpDN =~ s/[\/,]\s*(?=[A-Za-z0-9\-]+=)/<BR>\n/g; > > my $now = timestamp(); > > if ( $tmpStatus =~ /^Valid/i ) { > if ($now > > $cryptoShell->getNumericDate ($parsedCert->{NOTAFTER})) { > $tmpStatus = gettext("Expired"); > } > } elsif ( $tmpStatus =~ /revoked/gi ) { > $tmpStatus = i18nGettext ("Revoked on __DATE__", "__DATE__", > $parsedCert->{HEADER}->{REVOKED}); > } elsif ( $tmpStatus =~ /^Expired/i ) { > if ($now <= > $cryptoShell->getNumericDate ($parsedCert->{NOTAFTER})) { > $tmpStatus = gettext("Not Expired"); > } > } > > my $download = ""; > my $revoke = ""; > > my $ctype = ""; > > if ( $dataType =~ /CA_CERTIFICATE/gi ) { > $download = '?cmd=send_email_cert;type=ca;dataType=$dataType;key='. > $key; # $cert->getSerial(); > $ctype = "ca"; > } else { > $download = > '?cmd=send_email_cert;type=email;dataType=$dataType;key='. > $key; # $cert->getSerial(); > $ctype = "email"; > $revoke = '?cmd=revoke_req;key='.$cert->getSerial(); > } > > # $info_list->{HEAD}->[0] = gettext("Variable"); > # $info_list->{HEAD}->[1] = gettext("Value"); > > my $html_download = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Download")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='sendcert'; > format_sendcert.value='CER';\">"; > my $text = undef; > > $text = "<table style='width: 500px;'>"; > $text .= "<tr><td style='padding: 10px;'>" . > "<a href=\"$self?cmd=send_email_cert;type=$ctype;" . > "dataType=$dataType;key=" . > # $cert->getSerial() . "\" alt=\"" . > $key . "\" alt=\"" . > gettext ("Install this Certificate" ) . "\">" . > " <img src=\"" . getRequired('HtdocsUrlPrefix') . > "/images/cert-icon.png\" alt='" . > gettext("Install this Certificate") . "'/></a>" . > "</td>"; > $text .= "<td>" ; > > $text .= " <table style='width: 400px;'>" . > " <tr><td colspan='2' " . > "style='font-size: 150%; font-style: bold;'>" . > $parsedCert->{DN_HASH}->{CN}[0] . " [" . > $cert->getSerial() . "]</td></tr>"; > $text .= " <tr><td style='color: #777;'>" . > "Issued By:</td>" . > " <td style='color: #777'>" . > $parsedCert->{ISSUER_HASH}->{O}[0] . "</td>"; > $text .= " </tr>"; > $text .= " <tr><td style='color: #777;'>" . > "Expiration on:</td>" . > " <td style='color: #777;'>" . > $parsedCert->{NOTAFTER} . "</td></tr>"; > $text .= " <tr><td style='color: #777;'> " . > "Profile:</td>" . > " <td style='color: #777;'>" . > $parsedCert->{HEADER}->{ROLE} . "</td></tr>"; > > $text .= " <tr><td> </td>" . > " <td style='font-size: 80%; color: #777;'>" . > "<a > href=\"$self?cmd=viewCertFull;dataType=$dataType;" . > # "key=" . $cert->getSerial() . "\" >" . > "key=$key\" >" . > gettext ( "More Info" ) . "... </a></td></tr>"; > $text .= " </table>"; > > $text .= "</td>"; > $text .= "</tr>"; > > $text .= "<tr><td colspan='2'><hr size='1' style='color: #fff;'/>" . > "</tr></td>"; > > # $text .= " <tr><td colspan='2'>" . > # " <td style='text-align: right;'>" . > # $html_download . "</td></tr>"; > > # $text .= "<tr><td colspan='2'>" . gettext ("Certificate Profile" ) . > # ":<br/>" . $parsedCert->{HEADER}->{ROLE} . "</td></tr>"; > > $text .= "<tr><td colspan='2'>" . gettext ("Fingerprint" ) . > ":<br/>" . $parsedCert->{FINGERPRINT} . "</td></tr>"; > > $text .= "</table>"; > > $info_list->{BODY}->[$info_pos++]->[1] = $text; > > > ####################################### > ## here starts the filtered commands ## > ## here starts the filtered commands ## > ## cmd_list ## > ####################################### > > $cmd_list->{HEAD}->[0] = gettext ("Operations"); > > my $allow = libGetPermissionHash (getRequiredList ('CmdRefs_viewCert')); > > ## perhaps an operator want to have a look at the request > if ($allow->{VIEW_CSR} and > $parsedCert->{HEADER}->{CSR_SERIAL} > ) { > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("CSR's Serial Number"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = "<a href=\"". > > "?cmd=viewCSR&dataType=ARCHIVED_REQUEST&key=". > > $parsedCert->{HEADER}->{CSR_SERIAL}."\">". > > "$parsedCert->{HEADER}->{CSR_SERIAL}</a>"; > $cmd_pos++; > } > > ## download certs in different formats > if ( $allow->{SENDCERT} and > ($dataType =~ /(VALID|EXPIRED|SUSPENDED)/i) > ) { > my $select = "<select " . > " class=\"Medium\" name=\"format_sendcert\">\n". > "<option value=\"pem\">PEM</option>\n". > "<option value=\"der\">CER</option>\n". > "<option value=\"pem\">CRT</option>\n". > "<option value=\"der\">DER</option>\n". > "<option value=\"txt\">TXT</option>\n". > "</select>\n"; > my $button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Download")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='sendcert';\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Certificate"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $select.$button; > $cmd_pos++; > } > > ## prepare download of private keys > if ( $allow->{SEND_CERT_KEY} and > $parsedCert->{KEY} > ) { > my $select = "<select name=\"format_send_cert_key\">\n". > "<option value=\"openssl\">SSLeay > (mod_ssl)</option>\n". > "<option value=\"pkcs8\">PKCS#8</option>\n". > "<option value=\"pkcs12\">PKCS#12</option>\n". > "</select>\n"; > my $button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Download")."\" ". > "Class=\"medium\" " . > > "onClick=\"cmd.value='getParams';GET_PARAMS_CMD.value='send_cert_key';\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Certificate and > Keypair"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $select.$button; > $cmd_pos++; > ## Change passphrase > my $change_button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Change")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='changePasswd'\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Change Passphrase"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $change_button; > $cmd_pos++; > ## Remove private key from DB > my $remove_button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Remove")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='removeKey'\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Remove Key from > database"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $remove_button; > $cmd_pos++; > } > > ## prepare the actualization of the LDAP > if ( $allow->{LDAP} and > (getRequired ('LDAP') =~ /y/i) > ) { > ## update cert on LDAP > my $ldap_button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Add to LDAP")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='ldapAddCert'\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Add the certificate to > LDAP"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $ldap_button; > $cmd_pos++; > ## update cert on LDAP with modified DN > $ldap_button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Add to LDAP with modified > DN")."\" ". > > > "onClick=\"cmd.value='getParams';GET_PARAMS_CMD.value='ldapAddCertByName';\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Add the certificate to > LDAP but with changed DN"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $ldap_button; > $cmd_pos++; > ## delete cert from LDAP > $ldap_button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Delete from LDAP")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='ldapDeleteCert'\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Delete the certificate > from LDAP"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $ldap_button; > $cmd_pos++; > ## delete cert from LDAP with modified DN > $ldap_button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Delete from LDAP with modified > DN")."\" ". > "Class=\"medium\" " . > > > "onClick=\"cmd.value='getParams';GET_PARAMS_CMD.value='ldapDeleteCertByName';\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Delete the certificate > from LDAP but with changed DN"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $ldap_button; > $cmd_pos++; > } > if ($allow->{TOKENHANDLING} and > not $parsedCert->{IS_CA} and > $status ne gettext("Revoked") and > $status ne gettext("Suspended") > ) > { > my $ra_button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Class=\"Medium\" " . > "Value=\"".gettext("Install Certificate")."\" ". > "onClick=\"cmd.value='getcert'\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Tokenhandling"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $ra_button; > $cmd_pos++; > } > if ($allow->{MAIL}) { > my $ra_button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Write a mail")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='writeCertMail'\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Send mail to the > User"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $ra_button; > $cmd_pos++; > } > > ## set enrollment passphrase for certificate and private key on public > gateway > if ( $allow->{SET_PUBLIC_PASSWD} and > $parsedCert->{KEY} and > ($dataType =~ /(VALID|EXPIRED|SUSPENDED)/i) > ) { > my $button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Set passphrase")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='setPasswd';\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Set passphrase for key > enrollment"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $button; > $cmd_pos++; > } > if ( $allow->{DELETE_PUBLIC_PASSWD} and > $parsedCert->{KEY} and > ($dataType =~ /(VALID|EXPIRED|SUSPENDED)/i) > ) { > my $button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Delete passphrase")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='deletePasswd';\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Delete passphrase for > key enrollment"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $button; > $cmd_pos++; > } > > ## revoke cert > if ( $allow->{REVOCATION} and > $status ne gettext("Revoked") > ) > { > my $ra_button = "<input ". > "TYPE=\"Submit\" ". > "Name=\"Submit\" ". > "Value=\"".gettext("Revoke")."\" ". > "Class=\"medium\" " . > "onClick=\"cmd.value='revoke_req'\">"; > $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Start Revocation"); > $cmd_list->{BODY}->[$cmd_pos]->[1] = $ra_button; > $cmd_pos++; > } > > if ($allow->{INSTALL_CERT}) { > if ($dataType =~ /(VALID|EXPIRED|SUSPENDED)_CERTIFICATE/) { > $cmd_panel->[0] = > "<a href=\"".$download."\" onClick=\"alert('The > Certificate will be installed under Other People Certificates > Tab');\">".gettext("Install the certificate")."</a>"; > $cmd_panel->[1] = > "<a href=\"".$revoke."\">".gettext("Revoke the > certificate")."</a>"; > } > } > > return libSendReply ( > "NAME" => i18nGettext ("__STATUS__ > Certificate", "__STATUS__", $status), > # "EXPLANATION" => gettext ("Following you can find > the certificate details."), > # "TIMESTAMP" => 1, > "INFO_LIST" => $info_list, > # "CMD_LIST" => $cmd_list, > # "CMD_PANEL" => $cmd_panel, > "HIDDEN_LIST" => $hidden_list > ); > } > 1; > > ## OpenCA - Command > ## (c) 1998-2001 by Massimiliano Pala and OpenCA Group > ## (c) Copyright 2002-2004 The OpenCA Project > ## > ## File Name: send_email_cert > ## Brief: send cert in PEM-format > ## Version: $Revision: 1.2 $ > ## Description: this script is used to give the user a cert > ## Parameters: key, dataType > > use strict; > > sub cmdSend_email_cert { > > ## Version Information > $VER = '2.1.01'; > $PRG = 'Certificates Send over HTTP'; > > ##// Let's get parameters > my $type = $query->param('type'); > my $key = ( $query->param('key') || $query->param('serial') ); > my $dataType = ( $query->param('dataType') || "VALID_CERTIFICATE" ); > > my $mimetype = "Content-type: application/x-X509-XXX-cert\n\n"; > my $bgcert = '-----BEGIN CERTIFICATE-----'; > my $endcert = '-----END CERTIFICATE-----'; > > my $cert; > > ## Now we must take different path for we can give certs for user/ca > ## or whatever we want. > if ( "$type" =~ /(email|user|ca)/i ) { > $mimetype =~ s/XXX/$type/g; > } > > ## If we want the Text Version of the Certificate > if ( $type =~ /txt/i ) { > $mimetype = "Content-type: text/html\n\n"; > $mimetype .= "<PRE>\n"; > } > > ## fix the format > if ( $query->param ("HTTP_USER_AGENT") =~ /IE/i ) { > $type = "DER"; > } > > ## Get the certificate from the DB > if ( $cert = $db->getItem(DATATYPE=>$dataType, KEY=>$key ) ) { > print "$mimetype"; > > if( $type =~ /txt/i ) { > print $cert->getTXT(); > } elsif ( $type =~ /der/i ) { > print $cert->getDER(); > } else { > print $cert->getPEM(); > } > } else { > generalError (gettext ("Cannot load certificate from the > database!")); > } > } > > 1; > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users > > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
