Geoff Gowey wrote:
> 
> Hello,
> 
> I like your project, but I must confess that I find the INSTALL rather
> confusing.  I'm new to OpenCA, but would like to implement it.  However, I
> need detailed instructions for a full installation.  How many systems should
> there be (in addition to the site webserver)? What packages are needed for
> all of the systems to make openca work?  In what steps should the packages
> be added?  How many systems (and which ones) need OpenLDAP?  How do the site
> webservers obtain the certs? Just some questions from a newbie.  Thank you.
> 
> Geoff
> [EMAIL PROTECTED]

You can take a look at the files in the docs/ directory (Structure) to have
a description of the systems involved and their usage... anyway I'll try to
briefly answer your questions:

        1 - There should be at least 2 'computers' involved. The 'ca' (1)
            must be disconnected from any network and kept in a secure
            room. It communicates only with the RAServer by removable
            media. The 'RAServer' (2) is the server where Operators connect
            to for approving/exporting/deleting certification requests.
            The interface requires a web server running on the 'ca' AND
            one (or more) webserver on the RAServer. On the RAServer you
            have also to install the 'public' part of the system where users
            connect to when interacting with the PKI (request/etc...).

        2 - Packages needed on the CA are:

                OpenCA;
                Perl;
                OpenSSL;
                bash;
                Netscape;
                OpenCA Modules (in the misc directory), excluding Net-LDAPApi;
                Apache;

            Packages needed on the RAServer are:

                OpenCA;
                Perl;
                OpenSSL;
                bash;
                OpenLDAP;
                OpenCA Modules (in the misc directory), including Net-LDAPApi;
                Apache+mod_ssl;

            Versions of packages depend on the OpenCA version you are going to use;

        3 - Installation of software should have the following order:

                OpenSSL -> apache (+mod_ssl*) -> OpenLDAP(*) -> OpenCA -> OpenCA Modules

            * - where needed

        4 - OpenLDAP is needed on the RAServer only;

        5 - For website there is not a form, so you have to ask for a PKCS#10 formatted
            request and do some work by hand. This will be fixed in future releases;

Hope this clarifies some of the aspects of the OpenCA structure. If you have further
questions... just ask.

Please, as these are common problems which many have had when installing OpenCA
for the first time, send your messages to the openca-users mailing list... :-D

C'you,

        Massimiliano Pala ([EMAIL PROTECTED])
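
Added example (not part of the original message, and not OpenCA code): for the
hand-processed PKCS#10 request in point 5, a check an RA operator could run
before the request is carried on removable media to the offline CA. The helper
names check_csr and make_sample_csr, the host name www.example.test and the
2048-bit RSA minimum are assumptions; it needs bash and the openssl command.

```bash
#!/usr/bin/env bash
# Added example: vet a web server's PKCS#10 request before it goes to the CA.
# check_csr and make_sample_csr are hypothetical helper names, not OpenCA tools.

# check_csr FILE EXPECTED_CN [MIN_RSA_BITS] -> returns 0 only if all checks pass.
check_csr() {
    local csr=$1 want_cn=$2 min_bits=${3:-2048} subject bits

    # 1. Self-signature: shows the requester holds the matching private key.
    #    Match the message text, since some openssl builds exit 0 on failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "REJECT: self-signature does not verify" >&2; return 1; }

    # 2. The subject CN must be exactly the host the operator expects.
    #    (Splitting on ',' assumes no escaped commas in the subject.)
    subject=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 \
              | sed -n 's/^subject=//p')
    printf '%s\n' "$subject" | tr ',' '\n' | grep -Fxq "CN=$want_cn" \
        || { echo "REJECT: subject '$subject' lacks CN=$want_cn" >&2; return 1; }

    # 3. Key size (this example assumes an RSA key).
    bits=$(openssl req -in "$csr" -noout -text \
           | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    { [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ]; } \
        || { echo "REJECT: key is ${bits:-?} bits, need $min_bits" >&2; return 1; }

    echo "OK: $subject (${bits}-bit key)"
}

# make_sample_csr DIR CN -> writes DIR/key.pem and DIR/req.pem (constructed input).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/req.pem" 2>/dev/null
}

# Demo on a constructed request for a made-up host name.
tmp=$(mktemp -d)
make_sample_csr "$tmp" www.example.test
check_csr "$tmp/req.pem" www.example.test
```

The private key (key.pem) stays on the web server; only req.pem travels to the
RAServer and the CA.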
