Hi, any tips here?

Between the RA and the CA, should I share just the MySQL database, or do they
need to exchange files as well? How can this be done in real time?

Thanks,

Geert

On Tue, Jun 01, 2010 at 11:47:41AM +0200, Geert Hendrickx wrote:
> Hi,
>
> I'm setting up OpenCA to achieve the following:
>
> We want to deploy VPN clients (routers) at customers' sites. A technician
> will come on site, configure the router, generate key material and enroll it
> via SCEP. We'd like the technician to manually approve the request on the RA
> interface, and the CA to then sign it automatically (the on-site technicians
> will not have access to the CA).
>
> Can this be accomplished with OpenCA installed on two machines? One SCEP/RA
> server and one CA server (not connected to the Internet but connected to the
> RA via a secured network).
>
> How do I set up the data exchange? Is sharing the MySQL database between the
> two machines sufficient? Or do they need to exchange files? Can NFS be used
> here? I'd like to avoid exchanging data via SCP or other cron-scheduled
> methods as this adds latency (and the on-site technician has to wait for the
> process to complete).
>
> Also, does OpenCA include CLI tools that we can integrate in our own web
> interface? (We need just a few tools, on the RA: view CSR queue, approve/
> reject requests, and on the CA: revoking certificates and issuing new CRLs).
>
> Thanks,
>
>
> Geert

--
Geert Hendrickx -=- g...@telenet.be -=- PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!

_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users