I'm sorry it took so long to get back to you on this, but when encountering the same problem, here's the solution I found (Modified the FAQ):
(from User Guide) 1.9. How can I setup a sub CA? 1. Initialize the SubCA (initialize database, generate secret key, generate request from ) 2. export request 3. untar the export (to get the careq.pem), the next steps are only correct if you use OpenCA for your Root CA 4. Point to the Root CA public interface -> request a certificate -> server request -> browse for the careq.pem and submit the request 5. Point to the Root CA RA interface and approve the request, upload to the Root CA CA; point to CA interface, 6. issue the certificate 7. Download the certificate for the sub CA via the RA or public interface of the Root CA - [Certificate and Keypair->SSLeay (mod ssl)->Download] 8. Rename the file to cacert.pem and manually make a new tar (#/bin/tar -cvpf /tmp/openca_local -C cacert.pem) 9. Point your browser to the SubCA CA interface and "import CA certificate approved by Root CA" Jack D. Pond Description: PSITEX Logo "Don't bother just to be better than your contemporaries or predecessors. Try to be better than yourself." -- William Faulkner (1897-1962) From: Mohammad khodaei [mailto:m_khod...@yahoo.com] Sent: Thursday, June 07, 2012 10:06 AM To: Users' Help and Suggestions Subject: Re: [Openca-Users] Problem in issuing SubCAs Any idea, suggestion to help me to move on? _____ From: Mohammad Khodaei <m_khod...@yahoo.com> To: OpenCA Users <openca-users@lists.sourceforge.net> Sent: Wednesday, June 6, 2012 7:12 PM Subject: [Openca-Users] Problem in issuing SubCAs Hello, I have installed openCA on my machine and now it's the time to install two subCAs. For the time being, I will install both rootCA and two subCAs on the same machine (now for testing) while I will be installing each on different machine later on. What I did to issue subCAs are as below: I went to "https://subca.localhost/pki"; and then logged in. I went to "Generate New CA Secret keys" and fulfil the form. Next I went to "Generate new CA certificate request (use generated secret key)" option and fulfill the fields as well. Later on, I chose "Export CA certificate request" to export my request. The request was successfully generated and located in "/tmp/openca_local". Next I did as follows: cp /tmp/openca_local tar xvf openca_local cat careq.pem and then copy the content into a new file called: "subca.pem" Having done that, I went to "https://rca.loalhost/pki/pub"; and logged in. From there, I went to "Request a Certificate" option, I went to "Server Certificate Request" and I chose that pem file (subca.pem) and fulfil the rest of fields. Now when I went to "https://rca.localhost/pki/"; and go to "CA Operations/Certification Request/New" to issue the certificate, there is no certificate in the list to select and issue. As far as I know, the request has to be shown up there to move on and issue. I've got no idea why it does not there. Any idea where is the problem? And what shall I do to solve the problem? Looking forward for your comments and suggestions. Please let me know if there are some ambiguous parts or you need more explanation. Thanks ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
<<image001.gif>>
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
