On 06/11/2013 08:31 AM, stelios wrote:
> Glad to help your great project!


Thanks. We worked hard for many years on this and, although the main openca project has been in maintenance mode for the past 2/3 years, it is still one of the best OpenSource PKI projects out there. I have a lot of ideas about what PKIs should look like today - if you are curious, you can check out a couple of papers I published:

> Furthermore, I'm interested in writing a "how to" guide, if you are interested, to make it straightforward for other users to install openca. I searched the web a lot before I succeeded in installing the project, so I would like to share my experience. As far as I know, there is not a very good tutorial out there.


That would be great. We had a much more developed Wiki with lots of information, how-tos, and tips for the configurations - however, when we had to move from the server, the DB of the Wiki was not properly saved and we lost all that documentation.

So.. more docs would be great. I still think that the best way to create usable documentation is by using the wiki. If you want, I can give you access to the wiki so you could start working on that.

> I'm working on a Fedora 12 (x86) machine with versions:
>
> openca-tools-1.3.0-1.rhfc12.i686.rpm
> openca-base-online-1.1.1-1.rhfc12.i686.rpm
> openca-base-offline-1.1.1-1.rhfc12.i686.rpm
> openca-base-common-1.1.1-1.rhfc12.i686.rpm


That is quite an old installation. Are you working with that distribution because you wanted to use the binaries?

> I also tried with the latest versions on a Fedora 16 (x64) machine:
>
> openca-tools-1.3.0-1.rhfc13.x86_64.rpm
> openca-base-online-1.3.0-1.rhfc16.x86_64.rpm
> openca-base-offline-1.3.0-1.rhfc16.x86_64.rpm
> openca-base-common-1.3.0-1.rhfc16.x86_64.rpm
>
> but I faced some issues on certificate request after a successful installation, which I can tell you about if you want.


Yes, that would be great to know. I used it on FC16 without any issue.

> I have one more question, if you don't mind, please. I'm building an autonomous project and it needs to auto-issue certificates and auto-revoke them too. Currently I'm creating new certificate requests with LDAP authentication, so my requests are stored as approved and the "AutoCA daemon" auto-issues them successfully, but when I restart the openca service, the "openCA daemon" is disabled. Is there a way to make it auto-start when the openca service starts?
>
> I saw that you added such an option in the 1.3.0 version, but it doesn't work either, except if it's a test version.

Well, I have been debating if this is a good idea or not. I specifically added the option because of some commercial vendors that needed those features - however, from a security standpoint, I personally think it can be quite risky to have automated daemons for issuing and revoking certificates that automatically start when the software is started. However, I can totally understand the usefulness of the feature.. that is why I added it.

If I remember correctly, the feature was working fine - maybe there are still some bugs to be figured out... have you checked the logs? Any clue where the issue might be?

Cheers,
Max


--

Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director

OpenCA Labs
Tel. (603) 369-9332
skype: openca
