On Fri, March 22, 2024 12:32, [email protected] wrote:
> It has been a while since I set this up, but essentially you end up
> generating 3 or 4 certificates.
> There is usually a script that you run after you change the placeholder
> values.

That script is not really useable on FreeBSD as shipped. I looked into using it
but the paths need to be changed for a lot of the file references therein and
some of the external scripts used are not packaged with Apache on FreeBSD.  In
the end I decided that my time would be better spent on getting the software
working than trying to modify a one-time script.

> I noticed that you have been trying to get this thing running for a while
> now on BSD. Has it ever worked for you yet since you have been emailing
> this list?
>

Yes it is running on FreeBSD-13.2p9.  It works fine for democa.  I can issue
certs and keys.  I can sign csrs.  I have done something odd with respect to
the demo cert I produced so that it does not import. But that will eventually
be resolved and in my opinion will come down to some misunderstanding on my
part when generating the cert.
For hll_ca2016 I can log on.  The issues I have are almost certainly due to
realm misconfiguration resulting from my ignorance.  That is what presently I
am trying to address.

I am investigating the intricacies of properly configuring a realm other than
democa.  The documentation is fine as an aide-mémoire but it makes a lot of
assumptions respecting prior knowledge.  I am not clear on exactly what a token
is or its relationship to certificates.  Does it refer to a specific
certificate or a group of certificates issued by the same CA?  That is not
clear to me.

> Have you thought of just renting a VM with Debian and see if you can get it
> working. Perhaps you will find a missing piece of instruction while following
> the typical Debian setup.

I am not presently considering switching to another OS and configuring a VM
just to install a piece of software which, in the end, either runs on FreeBSD
or we get something else.  The time and effort is better spent, in my opinion,
on discovering the ins and outs of openxpki configuration.  The object of the
exercise is to arrive at a working CA installation with the documented steps of
how to get this reproduced on any other FreeBSD system we may wish to employ in
this role.

My current belief is that there are simply a few remaining issues of
misunderstanding on my part as to how the private keys and pass phrases are
managed and resolving in my own mind the matter of what a token is and how it
is used with respect to certificates issued by the CA.

No doubt I will have further questions on how to set up profiles, but again,
that is simply obtaining knowledge of the mechanics of which files and what
contents.


Regards,


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:[email protected]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
