Hi!
I have installed OpenCA-20000916 and want to comment on some
problems I had.
First you assume the user to install openssl as an addon, well I
use OpenBSD and this OS has integrated OpenSSL into the
system, so asking for an OpenSSL installation directory does not
make sense, I just took /usr/local and changed all calls for openssl
to /usr/sbin/openssl by hand since configfile parsing did not seem
to be enough (maybe this was not really necessary).
Second you often use /bin/sh in your shell skripts, while
programming in bash. On some systems /bin/sh is really just
bourne shell compatible so you might want to really call /bin/bash
or just programm in sh.
Has anyone successfully generated a CA keypair with the
webinterface? IMHO this is not possible, because the key
generation code of OpenCA::OpenSSL did not work for me.
Have you considered using POST than GET, this way you don't log
passwords to your webservers logfile, AFAIK.
The verify program does not work for me. Where it is used in the
scripts, it is called as "verify signaturefile -d textfile -cf cacert" while
"verify -h" suggests something like "verify -in signaturefile ...". Well
that told me the signature was not valid. Might be because you
have to use the certificate of the user that signed your data?
When creating a certificate for a RA Admin, do I need a special
type of a certificate or could I just use a normale User Cert?
Keep up the good work and have a nice day,
Nikolay
--------------------------------------------------------------
Per problemi: [EMAIL PROTECTED] oppure (anche meglio)
[EMAIL PROTECTED] (messaggio con la sola parola HELP)
--------------------------------------------------------------
