Now I understand tha way you made it an solved my problem by adding the right link as file by using following call:
echo "OCSP Server" | perl -MMIME::Base64 -0777 -ne 'print encode_base64($_)'
than i added "==" to the response and after doing that on both CA and RA it works!
That a lot!!!
Nick
Michael Bell schrieb:
Nicolaie Szabadkai wrote:Hi Max,
I am back again and trying to setup up ocsp the richt way!
After I copied Web_Server.ext to OCSP_Server.ext and edited as suggested in /RA/OpenCA/etc/openssl/extfiles I still can not choose to create ocsp-certificate!?
When I try to create that role it says that this role already exist, altough I did not create it! It is possible to create new roles that have new names but now I dont know how they match to filename?
Ok, I'm not Max but I can explain it if you are using 0.9.1 or earlier. The error message appears if one of the following files exists:
OPENCADIR/etc/openssl/extfiles/OCSP_Server.ext
OPENCADIR/etc/openssl/openssl/OCSP_Server.conf
OPENCADIR/etc/rbac/roles/xyz (xyz is the name "OCSP Server" encoded in base64)
There are two possibilities.
1. If you never created this role via the webinterface then there is no base64 encoded role. So remove OPENCADIR/etc/openssl/extfiles/OCSP_Server.ext and OPENCADIR/etc/openssl/openssl/OCSP_Server.conf on the CA. Create the role via the webinterface. Export the configuration to the RA (if they are not on the same server).
2. If you already created the role then you have to create the files OPENCADIR/etc/openssl/extfiles/OCSP_Server.ext and OPENCADIR/etc/openssl/openssl/OCSP_Server.conf too. After this you have to export the configuration from the CA to the RA to publish the new role.
Michael
--
-------------------------------------------------------------------
Michael Bell Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
(Computing Centre) Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin Email (private): [EMAIL PROTECTED]
Germany http://www.openca.org
------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
Mit freundlichen Gr��en
N. Szabadkai
PgP-Fingerprint: 044B 65C4 07E3 F47C 9388 1CCE 3B43 038E 437C 1286
==================================================
------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
