Hi, I'm setting up OpenCA to achieve the following:
We want to deploy VPN clients (routers) at customers' sites. A technician will come on site, configure the router, generate key material and enroll it via SCEP. We'd like the technician to manually approve the request on the RA interface, and the CA to then sign it automatically (the on-site technicians will not have access to the CA).

Can this be accomplished with OpenCA installed on two machines? One SCEP/RA server and one CA server (not connected to the Internet but connected to the RA via a secured network).

How do I set up the data exchange? Is sharing the MySQL database between the two machines sufficient? Or do they need to exchange files? Can NFS be used here? I'd like to avoid exchanging data via SCP or other cron-scheduled methods, as this adds latency (and the on-site technician has to wait for the process to complete).

Also, does OpenCA include CLI tools that we can integrate in our own web interface? (We need just a few tools; on the RA: view CSR queue, approve/reject requests, and on the CA: revoking certificates and issuing new CRLs.)

Thanks,

Geert

--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!