Hi Achim,
I've rebuilt my database from scratch for a restructured OpenXPKI
installation, have done all the steps which are needed make it working,
but -not as with my previous installations- i get the error when
starting with openxpkictl start:
Hi Achim,
first, the engine_section setup in your token.xml looks incorrect, have a look
at my configuration using an nCipher HSM:
token id=default_hsm_ncipher super=../token{default}
!-- possible values are OpenSSL, nCipher, LunaCA --
enginenCipher/engine
Hi,
2010/03/03 10:43:34 openxpki.system.FATAL [OpenXPKI::Server::Init (156)]
Exception during initialization task 'pki_realm':
I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED
2010/03/03 10:43:34 openxpki.system.FATAL [OpenXPKI::Server
Hi,
apologies for the late answer, I was away for a few days.
Now i am interested in the communication of E-Mail Clients via these OpenXPKI
generated certificates. I generated user certificates and imported them in
Microsoft Outlook. Now I am able to send signed mails but when i try to send
Hi Scott,
I applied your suggested configuration and was able to create a Sub CA
certificate...i also added a Sub CA role in the Sub CA profile. The Sub
CA's certificate was successfully generated. I used Accounts Department as
my Sub CA nameThen i imported this certificate into a
Hi Scott,
I have applied your suggested configuration by duplicating the
pki_realm.../pki_realm with different configuration. It works but this
new PKI realm has no relation with the previous PKI realm. Previous Pki realm
contains self signed certificate. Lets assume the default/previous
Hi,
OpenXPKI generates ECC certificates for its CA Operator , RA
Operator , End User and Web Server that contain RSA public
key . CA certificate is ECC based using curve PRIME239v1. but the
certificates that are issued have RSA public key.
thanks for pointing this out. I am currently
Hi Mary,
In your last mail, u told that current release of OpenXPKI contains
the necessary code to be integrated with HSM. So Kindly provide me
the COMPLETE method of integration of HSM's with OpenXPKI ?
in order to integrate a new HSM in the OpenXPKI crypto backend you
need to write a
Hi Mary,
I have installed EJBCA on Fedora Core 10 in 2 days and successfully
tested it with nCipher and PrimeCard HSM's. Now i have turned hands
on with OpenXPKI. There is a success story written at www.openxpki.org
The first production deployment of OpenXPKI was performed on
Friday,
Hi,
can somebody share experience in OpenXPKI usage with OpenVPN?
I have not tried OpenXPKI certificates with OpenVPN, but I am quite
sure it will work without problem.
OpenVPN uses TLS, so I'd suggest to use a TLS Server certificate on
the server side. Set the server DNS name as
Hi,
OpenVPN uses TLS, so I'd suggest to use a TLS Server certificate on
the server side.
do you mean OpenVPN config file option tls-server ?
I read that OpenVPN can operate in TLS mode, but I have no idea how
this is configured.
Set the server DNS name as SubjectAlternativeName to
make
Hi,
But when i try to run OpenXPKI Server by executing openxpkictl on
console. I get the following Exceptions in openxpki.log file and
the server does not start. I have even tried it when both machined
as running in parallel and can access each other directly using IP
Address.
Hi,
I have now posted the workflow diagram that is being generated when
i login as CA Operator and tries to Approve a User generated CSR.
As you can see that the control flow keeps looping on the state
APPROVAL.
Please help.
When I login as RA Operator and try to approve the CSR
Hi Marc,
After weeks of unqualified hacking around on my machine adapting
the openxpki installation to suit my needs I thought i'd share the
experience and work I have put into this back to you.
So, I came up with some modification proposals and setup hints for
the other users who want
Hi,
I have now posted the workflow diagram that is being generated when
i login as CA Operator and tries to Approve a User generated CSR.
As you can see that the control flow keeps looping on the state
APPROVAL.
Please help.
When I login as RA Operator and try to approve the CSR
Hi Marc,
After weeks of unqualified hacking around on my machine adapting
the openxpki installation to suit my needs I thought i'd share the
experience and work I have put into this back to you.
So, I came up with some modification proposals and setup hints for
the other users who want
Hi,
But when i logout and login again as a caop:CA Operator account,
and goes to APPROVE and select PENDING CSR's and click on the 1
available request, then click on the Approve CSR button then it
asks me to choose from two options, i.e Approve CSR with digital
signature/Approve CS
201 - 217 of 217 matches
Mail list logo