> The first certificate should be issued using the issue_certs.bin script
> you find in the $install_dir/bin dir.
Cool! This works! Do you have any plans for web UI for this script (on
ca-server)? The same question about browserExport.bin.
So, I generated my server cert and ra operator cert. Web server is
configured (at least, netscape thinks so) and browser imported my
operator cert.
Now I try to request client certificate. This request appeared in the
operator's "pendinq requests" list. When operator tries to approve it,
the window "Netscape: Digital Signature" appears. In this window, I see
the details of the client request and combo with my operator cert. When
I press "OK", I get the error message: "Sign is needed to proceed". What
could this be?
Also, some minor problems:
1. My openssl is in /usr. But all the scripts have the default value
/usr/local/ssl. It is very annoying to enter it every time. No global
config for this parameter exists:(
2. cacert.pem is linked to stuff/cacert.pem. What is this for? Sometime
the link gets broken (is you generate new CA cert, for example) and the
whole system is getting unusable. Does it really need these two links to
the same file?
3. In openssl.conf, the following line
#nsSslServerName = $ENV::SERVER_NAME
is initially commented out. I was to uncomment it manually in order to
generate my server cert. I guess this should be changed...
4. The documentation is far from perfect:). For example, no instructions
for httpd configuration (httpd.conf). About aliases for cgi-*, htdocs-*
etc.
Anyway, thank you very much for this idea. openssl is wonderful core
utulity which definitely needs good UI. OpenCA is a brilliant effort in
this direction!
It should not take to much time to make it usable for 99% of possible
uses!
Regards,
Sergey
_________________________________________________________________
OpenCA - Users Support Mailing List [EMAIL PROTECTED]
