Aram Khalili wrote:
>
> Hello,
>
> I've downloaded and tried to install a test version of OpenCA 0.2.0-4, and
> the install script don't quite work, it seems. Where are the perl modules
> supposed to go? I've manually copied them into a /usr/lib/perl5/5.xxxxx/
> directory. Further, exporting certificated gives me the following error:
You should have done:
$ su -
# make perl-modules
This will install the modules. On the RAServer you'll have to install the
LDAP-Api module either.
> Configuration Error. Can not find "/usr/local/OpenCA/cacert.der" file!.
This is because you did not generated your CA certificate during the installation
of the ca (make ca).
> What should have installed that file?
>
> Still further, importing fails with:
>
> Importing Requests Failed from /tmp/openca-inca.tar!
>
> /bin/tar: Cannot open /tmp/openca-inca.tar: No such file or directory
> /bin/tar: Error is not recoverable: exiting now
>
> That may be because I don't provide the file, but I don't know that.
That file is generated by the RAServer when exporting approved requests. Take a look
either to the raserver.conf and ca.conf you find in ( cgi-ca and cgi-raserver or
whatever you called that dirs during installation ).
> Issued Certificated generates an empty list. I haven't added any, but
> shoudn't it show the self-signed CA master key?
No, it gives only the issued certificates, not the CA one.
> Another Exporting error is:
>
> Certificate Exporting ....
>
> Archiving Failed on /tmp/openca-outca.tar!
>
> /bin/tar: Cannot add file *.pem: No such file or directory
> /bin/tar: Error exit delayed from previous errors
>
> Probably for similar reasons as importing.
This is because you did not issued any new certificates, when you issue a new
certificate a copy is put into the $ca/certs/new directory and when you export
them it will search for *.pem files there.
> Also, when generating a new request, the master CA password is entered
> into a plaintext Netscape box, i.e. anyone can read it from the screen.
Yes, I know... but netscape do not provide any javascript function for a
'passwd' box. This has been fixed in new upcoming version...
> Finally the whole process fails with:
>
> Oops, this time worked. Does the country have to be 2 letters?
Yes. Take a look at the x.500 naming scheme.
> Anyhow, I'd appreciate some pointers on the above problems.
Hope this will solve most of your problems. Take also a look at the INSTALL
file.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature
