Hello Ryan,

First of all, if you only want to try OpenCA, I would suggest trying http://www.dartmouth.edu/~deploypki/CA/InstallOpenCALiveCD.html

If you still want to install it on a running server, here are some steps.

I'm using Debian and installed openca 1.0.2 from sources. Considering you read the manual http://www.openca.org/~madwolf/index.html and you know the basics, I'll put here only the really basic stuff not well covered in docs.
Download the sources into e.g. /usr/local/src. This is an installation of the online and offline nodes on one single machine (not very secure, but good enough for development). My install command is as follows (online and offline at once):
cd /usr/local/src
# One chain: build and install the offline node under /usr/local/openca,
# then re-extract the sources and build the online node under /usr/local/openra.
rm -rf /usr/local/openca && rm -rf openca-base-1.0.2 && \
  tar xvfz openca-base-1.0.2.tar.gz && cd openca-base-1.0.2 && make distclean && \
  ./configure --prefix=/usr/local/openca \
    --with-httpd-user=www-data --with-httpd-group=www-data \
    --with-openca-prefix=/usr/local/openca/openca \
    --with-etc-prefix=/usr/local/openca/openca/etc \
    --with-module-prefix=/usr/local/openca/modules \
    --with-web-host=openca.yourdomain.sk --enable-ocspd && \
  make && make install-offline && cd .. && \
  rm -rf /usr/local/openra && rm -rf openca-base-1.0.2 && \
  tar xvfz openca-base-1.0.2.tar.gz && cd openca-base-1.0.2 && make distclean && \
  ./configure --prefix=/usr/local/openra \
    --with-httpd-user=www-data --with-httpd-group=www-data \
    --with-openca-prefix=/usr/local/openra/openca \
    --with-etc-prefix=/usr/local/openra/openca/etc \
    --with-module-prefix=/usr/local/openra/modules \
    --with-web-host=openra.yourdomain.sk --enable-ocspd && \
  make && make install-online && cd ..

This should work if you have all required packages. You'll see.

Apache.

This section is very poorly documented in the docs (it still was a year ago or so). I found some examples a few years ago and adjusted them to my needs.

OPENCA:
<VirtualHost 1.2.3.4:443>
    SSLEngine               on
    SSLCACertificateFile    /etc/apache2/ssl/certificates/ca.yourdomain.sk.pem
    SSLCertificateFile      /etc/apache2/ssl/certificates/openca.yourdomain.sk.pem
    ServerAdmin        caad...@yourdomain.sk
    ServerName        openca.yourdomain.sk
 
    Alias       /ca /usr/local/openca/openca/var/www/html/pki/ca
    ScriptAlias /cgi-bin/pki/ca/ /usr/local/openca/openca/var/www/cgi-bin/pki/ca/
 
    Alias       /node /usr/local/openca/openca/var/www/html/pki/node/
    ScriptAlias /cgi-bin/pki/node/ /usr/local/openca/openca/var/www/cgi-bin/pki/node/
 
    Alias       /pki /usr/local/openca/openca/var/www/html/pki/
    ScriptAlias /cgi-bin/pki/ /usr/local/openca/openca/var/www/cgi-bin/pki/
 
    <Directory "/usr/local/openca/openca/var/www/cgi-bin/pki/">
         AllowOverride None
         Options ExecCGI
         SSLOptions +StdEnvVars  +ExportCertData
         Order allow,deny
         Allow from all
    </Directory>
    <Directory "/usr/local/openca/openca/var/www/html/pki/">
         AllowOverride None
         Options FollowSymLinks Indexes
         SSLOptions +StdEnvVars  +ExportCertData
         Order allow,deny
         Allow from all
    </Directory>
</VirtualHost>
OPENRA:
<VirtualHost 1.2.3.5:443>
    SSLEngine               on
    SSLCACertificateFile    /etc/apache2/ssl/certificates/ca.yourdomain.sk.pem
    SSLCertificateFile      /etc/apache2/ssl/certificates/openra.yourdomain.sk.pem
    ServerAdmin        caad...@yourdomain.sk
    ServerName        openra.yourdomain.sk
 
    Alias       /ra /usr/local/openra/openca/var/www/html/pki/ra/
    ScriptAlias /cgi-bin/pki/ra/ /usr/local/openra/openca/var/www/cgi-bin/pki/ra/
 
    Alias       /pub /usr/local/openra/openca/var/www/html/pki/pub/
    ScriptAlias /cgi-bin/pki/pub/ /usr/local/openra/openca/var/www/cgi-bin/pki/pub/
 
    Alias       /node /usr/local/openra/openca/var/www/html/pki/node/
    ScriptAlias /cgi-bin/pki/node/ /usr/local/openra/openca/var/www/cgi-bin/pki/node/
 
    Alias       /pki /usr/local/openra/openca/var/www/html/pki/
    ScriptAlias /cgi-bin/pki/ /usr/local/openra/openca/var/www/cgi-bin/pki/
 
    <Directory "/usr/local/openra/openca/var/www/cgi-bin/pki/">
         AllowOverride None
         Options ExecCGI
         SSLOptions +StdEnvVars  +ExportCertData
         Order allow,deny
         Allow from all
    </Directory>
    <Directory "/usr/local/openra/openca/var/www/html/pki/">
         AllowOverride None
         Options FollowSymLinks Indexes
         SSLOptions +StdEnvVars  +ExportCertData
         Order allow,deny
         Allow from all
    </Directory>
    <Directory "/usr/local/openra/openca/var/www/cgi-bin/pki/pub">
         AllowOverride None
         Options FollowSymLinks Indexes
         SSLOptions +StdEnvVars  +ExportCertData
         Order allow,deny
         Allow from all
    </Directory>
</VirtualHost>

There are some other issues, but this should give you a working installation after configuring (see docs).

Best,

Jozef Hamar
 


Kinateder, Ryan wrote:
Does anybody have a good "getting started" resource for the latest version of openca (1.0.2)?  I've used the binary installations for Cent 4.7, and get an rpm registration error, and it appears there are some necessary apache httpd.conf updates that need to be made.  I have not been able to get the web interface working.  There don't seem to be any step-by-step instructions in the html documentation.  I've tried the "cookbook" instructions located on the mailing list but to no avail, and am wondering if the cookbook is out of date (created in 2004).

Any suggestions?  Are there instructions on any post steps after using the binary package files?  Are any of the OS's listed in the download section easier than the others?  Is it recommended to use the binary installers or install from source?  I'm just trying to get something simple up and running to see if I want to use this for our development environment.

Thanks.
Ryan



_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
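
A small audit for vhost blocks like the OPENCA and OPENRA ones in the message above, added here as an example and not part of the original message or of OpenCA. It flags directory listings (Indexes), unrestricted "Allow from all", alias targets with no <Directory> block, and an SSLCACertificateFile with no SSLVerifyClient in the same vhost; the function names and the trimmed sample vhost are constructed for illustration, and Apache 2.2 access syntax as used in the message is assumed.

```python
# Constructed sample: a trimmed copy of the OPENCA vhost from the message above.
SAMPLE_VHOST = """\
<VirtualHost 1.2.3.4:443>
    SSLCACertificateFile    /etc/apache2/ssl/certificates/ca.yourdomain.sk.pem
    ServerName        openca.yourdomain.sk
    ScriptAlias /cgi-bin/pki/ca/ /usr/local/openca/openca/var/www/cgi-bin/pki/ca/
    Alias       /pki /usr/local/openca/openca/var/www/html/pki/
    <Directory "/usr/local/openca/openca/var/www/cgi-bin/pki/">
         Options ExecCGI
         Allow from all
    </Directory>
    <Directory "/usr/local/openca/openca/var/www/html/pki/">
         Options FollowSymLinks Indexes
         Allow from all
    </Directory>
</VirtualHost>
"""

def norm(path):  # strip quotes, force one trailing slash for exact prefix checks
    return path.strip('"').rstrip("/") + "/"

def audit_vhost(conf):
    """Return (scope, finding) pairs for one <VirtualHost> block (Apache 2.2 syntax)."""
    findings, dirs, targets = [], [], []
    current, server, ca_file, verify = None, "?", False, False
    for parts in filter(None, map(str.split, conf.splitlines())):
        key, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if key == "<directory":
            current = norm(parts[1].rstrip(">"))
            dirs.append(current)
        elif key.startswith("</directory"):
            current = None
        elif key == "servername":
            server = parts[1]
        elif key in ("alias", "scriptalias"):
            targets.append(norm(parts[2]))
        elif key == "sslcacertificatefile":
            ca_file = True
        elif key == "sslverifyclient":
            verify = verify or args != ["none"]
        elif current and key == "options" and {"indexes", "+indexes"} & set(args):
            findings.append((current, "Indexes: directory listings enabled"))
        elif current and key == "allow" and args == ["from", "all"]:
            findings.append((current, "Allow from all: no address restriction"))
    findings += [(t, "alias target not covered by a <Directory> block")
                 for t in targets if not any(t.startswith(d) for d in dirs)]
    if ca_file and not verify:
        findings.append((server, "SSLCACertificateFile set, no SSLVerifyClient in this vhost"))
    return findings
```

Calling audit_vhost(SAMPLE_VHOST) returns four findings: two "Allow from all" entries, one Indexes entry for the html/pki directory, and the SSLVerifyClient note for openca.yourdomain.sk.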
  