"Sergey V. Udaltsov" wrote:
> Cool! This works! Do you have any plans for web UI for this script (on
> ca-server)? The same question about browserExport.bin.
We will probably add a command, we'll see...
[...]
> I press "OK", I get the error message: "Sign is needed to proceed". What
> could this be?
You got the request text to be signed and the choice between the certificates
to sign with? You have to have JavaScript enabled for the signature
to be generated - Netscape 4.06+ is needed for the JavaScript function to
properly work...
> Also, some minor problems:
> 1. My openssl is in /usr. But all the scripts have the default value
> /usr/local/ssl. It is very annoying to enter it every time. No global
> config for this parameter exists:(
This has been fixed in SNAPs and new options will be available in the
next release.
> 2. cacert.pem is linked to stuff/cacert.pem. What is this for? Sometimes
> the link gets broken (if you generate new CA cert, for example) and the
> whole system is getting unusable. Does it really need these two links to
> the same file?
No, this is due to previous versions choices.
> 3. In openssl.conf, the following line
> #nsSslServerName = $ENV::SERVER_NAME
> is initially commented out. I was to uncomment it manually in order to
> generate my server cert. I guess this should be changed...
If you do not comment that line, you'll have to have a non empty value for
the $SERVER_NAME env variable or openssl will give you an error. Please note
you are probably using openca v.0.2.xx which uses openssl 0.9.4 (.5) features.
> 4. The documentation is far from perfect:). For example, no instructions
> for httpd configuration (httpd.conf). About aliases for cgi-*, htdocs-*
> etc.
You are right, documentation is the worst part of the project... this is
because I am lazy ... :-( I'll try to do better for the next release...
> Anyway, thank you very much for this idea. openssl is wonderful core
> utility which definitely needs good UI. OpenCA is a brilliant effort in
> this direction!
> It should not take too much time to make it usable for 99% of possible
> uses!
The new version has been mostly rewritten and re-structured to achieve an
object-oriented modularization (for different x500 objects like certificates,
crls, requests, etc... ) and to improve code readability.
Also new DB support has been added and thanks to Michael Bell it is
also possible to use the OpenCA::DBI (instead of the OpenCA::DB) module
to use OpenCA with a DBI supported DBMS ( DB2, MySQL, Oracle, etc... ).
Attention to certificates' extensions has been added... there is still much
work to do anyway...
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
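
The `$ENV::SERVER_NAME` point in item 3 can be checked before openssl is run. The following is an added example, not part of the original message and not OpenCA code: the function names and the sample config are constructed, and it assumes `#` always starts a comment in the config file.

```shell
#!/bin/sh
# Added example (not OpenCA code): pre-flight check for an OpenSSL config.
# Lists every environment variable that the file references through
# $ENV::NAME or ${ENV::NAME} on an active (uncommented) line and that is
# unset or empty in the current environment.
missing_env_refs() {
    conf=$1
    # Assumption: '#' starts a comment; quoted or escaped '#' is not handled.
    sed 's/#.*$//' "$conf" |
        grep -oE '\$\{?ENV::[A-Za-z_][A-Za-z0-9_]*' |
        sed 's/.*ENV:://' | sort -u |
    while read -r name; do
        # name matched [A-Za-z_][A-Za-z0-9_]* above, so eval is safe here.
        eval "val=\${$name:-}"
        [ -n "$val" ] || printf '%s\n' "$name"
    done
}

# Constructed sample config, modelled on the line quoted in the thread.
sample_conf() {
cat <<'EOF'
[ server_cert ]
nsCertType = server
#nsComment = $ENV::COMMENTED_OUT
nsSslServerName = $ENV::SERVER_NAME
EOF
}

# Demo: check the sample (or a file given as the first argument).
demo_conf=$(mktemp)
sample_conf > "$demo_conf"
missing_env_refs "${1:-$demo_conf}"
rm -f "$demo_conf"
```

A commented-out reference is ignored, so the check only reports variables that the active configuration actually needs.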