hello please do post it :).
regarding the environment - we use as a production system: redhat linux 7.2 perl 5.6.1 openca 0.9.1 rc5 (pretty modified) mysql 3.23.49 as backend (it's faster) openssl 0.9.7 from may 2002 apache 1.3.26 mod_ssl 2.8.10 regarding the export/import via floppy - i use a tar file instead of /dev/fd0 so when exporting the tar iz bzipped and copied to floppy and vice versa when importing. m. -----Original Message----- From: Marco Pfatschbacher [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 3:00 PM To: [EMAIL PROTECTED] Subject: [Openca-Users] Recommendations for Production Environment? Hello, we are planning to use OpenCA within our university for about 400 Students. We�ve done some testing with version 0.9.0, 0.9.1-RC6 and RC7. Basically everything works. You�ve done a good job :-) But there are some issues that are still unclear for us. First, can you give us some reccomendations which components we should use? * which release of openssl 0.9.7 is known to be relativly bugfree and can be used for production? * apache-ssl vs. apache/mod_ssl * which DB-Backend? Is it enough to run with DB-Files or is it better to use {MySQL,PostreSQL, ..} * which version of OpenCA >= 0.9.1 seems adequate for production? It doesn�t have to be bulletproof, we only need basic CA-Features which seemed to work well for us since 0.9.1-RC6. Secondly, we�re worry about some performance issues: After creating only 30 Certs the export-import files are about 1MB big. OK, this concerns us not directly because we are working with "scp" rather then floppys. How about gzipping the tar-files? * OpenCA is really slow in some functions. Listing the "Archived Requests" for example takes about 20 seconds. In this case we had only 30 Certs. How long will this need with 400? Our RA runs on an K6-2/400 CPU. For fun I�ve done some tests with the Perl Profiler: RAsmus:~# dprofpp tmon.out Total Elapsed Time = 22.86498 Seconds User+System Time = 14.99498 Seconds Exclusive Times %Time ExclSec CumulS #Calls sec/call Csec/c Name 13.3 2.006 3.482 6593 0.0003 0.0005 Parse::RecDescent::namespace000001 ::stringchar 12.7 1.915 7.420 6593 0.0003 0.0011 Parse::RecDescent::namespace000001 ::_alternation_1_of_production_1_o f_rule_string 12.3 1.858 3.216 20867 0.0001 0.0002 Parse::RecDescent::Rule::expected 6.14 0.920 0.755 54901 0.0000 0.0000 Parse::RecDescent::Expectation::at 5.87 0.880 0.817 20864 0.0000 0.0000 Parse::RecDescent::Expectation::new [...] Is there a way to speed this up? Maybe with mod_perl? Finally i wrote a quick and dirty ldap-backend in perl, which inserts "(userCertificate;binary=*)" in every search. This avoids the users to appear twice when using the ldap as address-book. (http://www.mail-archive.com/[email protected]/msg01896.html) If someone is interested i�ll post it here. Thanks in advance Marco Pfatschbacher -- Wahrheit ist die Erfindung eines L�gners. - Heinz von Foerster - ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users ------------------------------------------------------- This SF.NET email is sponsored by: Geek Gift Procrastinating? Get the perfect geek gift now! Before the Holidays pass you by. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
