Re: [Openca-Users] another question about basedn
Hi, I´m not sure but I think that comes from DIR/etc/servers/ldap.conf the directive ' LDAP_CA_DN "" ' Try to put a base there and import all certificates from the web management interface. Nguyen Dinh Nam [EMAIL PROTECTED] wrote: Hello,I've a question, in lib/cmds/ldapImportCerts, I foundmy $basedn = getRequired( "basedn" );There is no basedn directive in config.xml, so where "basedn" will come from?---SF email is sponsored by - The IT Product GuideRead honest candid reviews on hundreds of IT Products from real users.Discover which products truly live up to the hype. Start reading now.http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click___Openca-Users mailing listOpenca-Users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/openca-users
[Openca-Users] Getting Certificates from the ldap server
Hello list, I just stepped into OpenCA. It looks really great to me. I managed to set up a complete CA, distribute certs, send encrypted emails, login to the web interface by using certs and move all the certificates to my ldap-server. But: How can I use now the certificate, that are stored in the ldap server? How does a user A, who is using e.g. thunderbird and wants to write an Email to user B, get the certificate B from the ldap-server? What do I have to be aware of? Kind regards Cornelius --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click ___ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
RE: [Openca-Users] Getting Certificates from the ldap server
But: How can I use now the certificate, that are stored in the ldap server? How does a user A, who is using e.g. thunderbird and wants to write an Email to user B, get the certificate B from the ldap-server? What do I have to be aware of? You have to use the ldap server as adressbook in thunderbird. Regards til smime.p7s Description: S/MIME cryptographic signature
[Openca-Users] Renew Self-Signed CA Certificate
Hi, I know that this could be a very basic question, but i do not known what is the procedure to renew the self-signed CA Certificate. could anyone help me? Regards, Jose --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click ___ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
Re: [Openca-Users] Getting Certificates from the ldap server
[EMAIL PROTECTED] schrieb: Hello there I managed to set up a complete CA, distribute certs, send encrypted emails, login to the web interface by using certs and move all the certificates to my ldap-server. Well done ! But: How can I use now the certificate, that are stored in the ldap server? How does a user A, who is using e.g. thunderbird and wants to write an Email to user B, get the certificate B from the ldap-server? What do I have to be aware of? I am not sure about Thunderbird, but apps like Outlook and Acrobat can both talk LDAP to retrieve certificates. It is a pretty simple task to make a web front end (using Perl::Net::LDAP) to provide an interface to the directory. Chris... Yess, thunderbird supports it. It was due to some bad configuration. I had some old certificates with a bad BaseDN. The BaseDN of the certificates was another one than the BaseDN of the CA and the Ldap. Now, with new correct certs it works fine. (Thunderbird 1.0) Regards Cornelius --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click ___ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
Re: [Openca-Users] Getting Certificates from the ldap server
Obes, Til schrieb: But: How can I use now the certificate, that are stored in the ldap server? How does a user A, who is using e.g. thunderbird and wants to write an Email to user B, get the certificate B from the ldap-server? What do I have to be aware of? You have to use the ldap server as adressbook in thunderbird. Regards til Well. on the one machine it worked out fine using Fedora Core 2 as a client. Wenn I was using the same ldap server, the same ca, the same email names it did not work on a Fedora Core 1. I guess I have to switch to a ldap mailing list ;-) ? Regards Cornelius --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click ___ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
[Openca-Users] Upgrade from 0.9.1-10 to 0.9.2.1
Two questions: What do I need to do to upgrade my CA from 0.9.1-10 to the 0.9.2.1 as far as moving databases, certificates, and configuration files? How do I set up RBAC such that only certificates with the role RA Operator or CA Operator can log into the RA, Data exchange, and CA? Regards JB --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click ___ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
[Openca-Users] Can mark private keys as not exportable?
Hello Can I configure OpenCA so that browsers generate or download user's private key and mark it as non exportable? My goal is to serve certificates and keys to users in order to access a secure server but ensure per-browser certificates, not being able to share certs/keys Regards, Jordi --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click ___ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
[Openca-Users] LDAP: Distinguished name conflicts with basedn(s).
Hello I Installed OpenCa with ldap support. In my openldap installation I just installed the openca.schema. Should I configure additional objects/containers in openldap for openca to work? When I try to save certs I get Distinguished name conflicts with basedn(s). My config.xml reads: option nameca_organization/namevalueYNS CA/value/option optionnameca_locality/namevalueSamarruga/value/option optionnameca_country/namevalueES/value/option !-- ldap server configuration -- optionnameldap_host/namevaluemyldap.xyz/value/option optionnameldap_port/namevalue389/value/option optionnameldaproot/namevaluecn=Manager,dc=yns,dc=xyz/value/option optionnameldaprootpwd/namevaluesecret/value/option optionnameuseLDAP/namevalueyes/value/option optionnameupdate_ldap_automatic/namevalueyes/value/option my ldap.conf ... LDAP yes LDAP_CRL_Issuer LDAP_CA_DN (# should I put dc=yns,dc=xyz here?) my slap.conf ... suffix dc=yns,dc=xyz # Also trying with o=,c= style suffix o=yns,c=es Please clarify me :) Salut, Jordi --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click ___ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
