Hello OpenCA Team, for upgrading purposes from 0.9.(4) I evaluated the most recent release 1.0.2 on a Debian 5.0 configured and build from the sources and came accros several issues.
The most important to be mentioned here, maybe you can help me. 1. If I turn off usage of LOA's in etc/config.xml it seems to be impossible to initialize the root, cause I cannot request certificates for CAMaster ans RA. The displayed LAO is empty and I receive an errormessage that says something like: You cannot request a certificate using that LOA. It does not matter if I choose broser generated keypair or server generated, I always receive that error. 2. There seem to occur some cruel template confusion when I use a german Firefox. When I setup my browser to accept de_DE and request a certificate, the template for user is translated to "Nutzer". When I try to approve the request in the RA interface I get an error like that: The compilation of the command cmdViewCSR failed. Can't use an undefined value as a HASH reference at /usr/local/openca/openca/lib/openca/functions/crypto-utils.lib line 1215 After some investigation it turned out, that the configuration cannot be loaded at that point, cause he is looking for a template named Nutzer.conf instead user.conf. If I reconfigure my Browser to en_US the same request works. Is there an error in the template naming process or is this an issue of misconfiguration? 3. Thats a theoretical question. Even in older releases I always wondered why there occurs a CDP in the initial self-signed root certificate. As far as I know that's wrong. And as far as I understand a CDP for a CRL should occur only in certificates that are issued by the instance that also issues the CRL mentioned in the CDP. So if I have a end-user certificate, the CDP point's to the CRL of the issuing SubCA. And if I look into this SubCA certificate I should find the CDP where I can download the CRL from the SubCA's issuer ... for example a root CA. So if this root is selfsigned, who's CDP do I find in there?? Nobodys or am I wrong? So is it a misconfiguration too, or am OI completely wrong? Greets Jeremy ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
