Hello,
I am new to OpenCA and want to "setup two management interfaces on one server", as described in openca-0.9.2-RC3/docs/guide/html_chunked/ch03s04.html#id2885425


My installation history.

First the online-Part:
rossi> ./configure --prefix=/home/openca/ --with-openssl-prefix=/usr/local/ssl/--with-openca-user=openca --with-openca-group=users --with-httpd-user=nobody --with-httpd-group=nobody


rossi> make; make install-online;
rossi> cd ~openca/OpenCA/etc/
rossi> joe config.xml
rossi> cd ~openca/OpenCA/
rossi> chmod 000 etc/servers/*.conf*

Now the offline part:
rossi> cd ~openca/openca-0.9.2-RC3/
rossi> ./configure --prefix=/home/openca/ --with-openssl-prefix=/usr/local/ssl/ --with-openca-user=openca --with-openca-group=users --with-httpd-user=nobody --with-httpd-group=nobody


rossi> make
rossi> make install-offline
rossi> cd ~openca/OpenCA/etc/
rossi> joe config.xml

Notice: config.xml is not changed, see Attachment.

All works fine until I want edit etc/configure_etc.sh
It is not clear, how to change etc/configuure_etc.sh

In my configure_etc.sh I found:

for DIRECTORY in
/home/openca//OpenCA/etc
/home/openca//OpenCA/lib
/home/openca//apache/htdocs/ca
/home/openca//apache/htdocs/ra
/home/openca//apache/htdoc
do

but in the documentation it is said there "should" be directories like

/Test/OpenCA/etc/
/Test/OpenCA/lib/servers/ca_node
/Test/OpenCA/lib/servers/ca
/Test/htdocs/ca
/Test/htdocs/ca_node

I have no ca_node.

what went wrong, if?

Bye Michael
<openca>
    <software_config>
        <!--
            ########################################################
                                USAGE WARNING
            ########################################################

            If yo change this file then you must change all files in
            etc which has the suffix .template. Please do this with
            the script openca-configure.

            Example:
                    template: servers/ca.conf.template
                    openca-configure config.xml servers/ca.conf.template servers/ca.conf

            If you don't do this then you have an inconsistent
            OpenCA installation. So this warning is serious.

            You can update all templates with a simple bash script.
            configure_etc.sh is such a script and demonstrates the
            usage of openca-configure.

            2003-Mar-12, Michael Bell <[EMAIL PROTECTED]>
        -->
        <prefix>@</prefix>
        <suffix>@</suffix>

        <!-- =========== -->
        <!-- HSM support -->
        <!-- =========== -->
        <option>
            <name>openssl_engine</name>
            <value></value>
        </option>
        <option>
            <name>hsm_utility</name>
            <value></value>
        </option>
        <option>
            <name>hsm_slot</name>
            <value></value>
        </option>
        <option>
            <name>appid</name>
            <value></value>
        </option>

        <!-- =============== -->
        <!-- general options -->
        <!-- =============== -->

        <option>
            <name>default_language</name>
            <value>de</value>
        </option>
        <option>
            <name>default_charset</name>
            <value>iso-8859-1</value>
        </option>
        <option>
            <name>ca_organization</name>
            <value>Schlund</value>
        </option>
        <option>
            <name>ca_locality</name>
            <value>Karlsruhe</value>
        </option>
        <option>
            <name>ca_country</name>
            <value>Germany</value>
        </option>
        <option>
            <name>sendmail</name>
            <value>/usr/lib/sendmail -n -t </value>
        </option>
        <option>
            <name>send_mail_automatic</name>
            <value>no</value>
        </option>
        <option>
            <name>service_mail_account</name>
            <value>[EMAIL PROTECTED]</value>
        </option>
        <option>
            <name>policy_link</name>
            <value>https://rossi.ue.schlund.de/pub/policy.html</value>
        </option>

        <!-- ======================== -->
        <!-- web server configuration -->
        <!-- ======================== -->
        <option>
            <name>httpd_protocol</name>
            <value>https</value>
        </option>
        <option>
            <name>httpd_host</name>
            <value>rossi.ue.schlund.de</value>
        </option>
        <option>
            <!-- please include the colon if you specify a port        -->
            <!-- please remember this is dependend from httpd_protocol -->
            <name>httpd_port</name>
            <value>:443</value>
        </option>
        <option>
            <name>menu_logo_left</name>
            <value>
            <!--   Here you can put references to the logo, you can use
                   any html reference you want but please keep in mind that:
                   no <> are allowed, use instead &lt; and &gt; rispectively.

		   example:
                   &lt;img src="https://xyz.org/mylogo.jpg"; alt="XYZ Logo"/&gt;
             -->
            </value>
        </option>
        <option>
            <name>menu_logo_right</name>
                &lt;a href="__HTDOCS_PREFIX__/thanks.html"&gt;
                   &lt;img src="__HTDOCS_PREFIX__/images/openca-logo.png" alt="OpenCA Logo"/&gt;
                &lt;/a&gt;
            <value></value>
        </option>
        <option>
            <!--
                You can add more CDPs here. Please enter one CDP per line.
                This is the content of an OpenSSL configuration section.
                Example:
URI.1=http://cdp1.xyz.de/pub/crl/cacrl.crl
URI.2=ldap://cdp2.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE
URI.3=http://cdp2.xyz.de/pub/crl/cacrl.crl
URI.4=ldap://cdp1.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE
             -->
            <name>CRLDistributionPoints</name>
            <value>
URI.1=http://rossi.ue.schlund.de/pub/crl/cacrl.crl
            </value>
        </option>
        <option>
            <name>NS_CRLDistributionPoint</name>
            <value>http://rossi.ue.schlund.de/pub/crl/cacrl.crl</value>
        </option>

        <!-- ========================= -->
        <!-- ldap server configuration -->
        <!-- ========================= -->
        <option>
            <name>ldap_host</name>
            <value></value>
        </option>
        <option>
            <name>ldap_port</name>
            <value>389</value>
        </option>
        <option>
            <name>ldaproot</name>
            <value></value>
        </option>
        <option>
            <name>ldaprootpwd</name>
            <value></value>
        </option>
        <option>
            <name>useLDAP</name>
            <value>no</value>
        </option>
        <option>
            <name>update_ldap_automatic</name>
            <value>no</value>
        </option>

        <!-- ====================== -->
        <!-- database configuration -->
        <!-- ====================== -->
        <option>
            <name>dbmodule</name>
            <!-- you can use DB or DBI -->
            <value>DB</value>
        </option>
        <option>
            <name>db_type</name>
            <value>Pg</value>
        </option>
        <option>
            <name>db_name</name>
            <value>openca</value>
        </option>
        <option>
            <name>db_host</name>
            <value>localhost</value>
        </option>
        <option>
            <name>db_port</name>
            <value>5432</value>
        </option>
        <option>
            <name>db_user</name>
            <value>openca</value>
        </option>
        <option>
            <name>db_passwd</name>
            <value></value>
        </option>

        <!-- ==================== -->
        <!-- module configuration -->
        <!-- ==================== -->
        <option>
            <name>module_shift</name>
            <!-- 8 bits are enough for IDs from 0 to 255    -->
            <!-- please remember that 0 is the ID of the CA -->
            <value>8</value>
        </option>
        <option>
            <name>ra_module_id</name>
            <value>1</value>
        </option>
        <option>
            <name>ldap_module_id</name>
            <value>2</value>
        </option>
        <option>
            <name>node_module_id</name>
            <value>3</value>
        </option>
        <option>
            <name>pub_module_id</name>
            <value>32</value>
        </option>
        <option>
            <name>scep_module_id</name>
            <value>33</value>
        </option>

        <!-- =============================== -->
        <!-- configuration of relative paths -->
        <!-- =============================== -->

        <option>
            <name>ca_htdocs_url_prefix</name>
            <value>/ca</value>
        </option>
        <option>
            <name>ca_cgi_url_prefix</name>
            <value>/cgi-bin/ca</value>
        </option>
        <option>
            <name>node_htdocs_url_prefix</name>
            <value>/node</value>
        </option>
        <option>
            <name>node_cgi_url_prefix</name>
            <value>/cgi-bin/node</value>
        </option>
        <option>
            <name>ra_htdocs_url_prefix</name>
            <value>/ra</value>
        </option>
        <option>
            <name>ra_cgi_url_prefix</name>
            <value>/cgi-bin/ra</value>
        </option>
        <option>
            <name>ldap_htdocs_url_prefix</name>
            <value>/ldap</value>
        </option>
        <option>
            <name>ldap_cgi_url_prefix</name>
            <value>/cgi-bin/ldap</value>
        </option>
        <option>
            <name>pub_htdocs_url_prefix</name>
            <value>/pub</value>
        </option>
        <option>
            <name>pub_cgi_url_prefix</name>
            <value>/cgi-bin/pub</value>
        </option>
        <option>
            <name>scep_cgi_url_prefix</name>
            <value>/cgi-bin/scep</value>
        </option>

        <!-- =============================== -->
        <!-- configuration of absolute paths -->
        <!-- =============================== -->

        <option>
            <name>ca_htdocs_fs_prefix</name>
            <value>/home/openca//apache/htdocs/ca</value>
        </option>
        <option>
            <name>ca_cgi_fs_prefix</name>
            <value>/home/openca//apache/cgi-bin/ca</value>
        </option>
        <option>
            <name>node_htdocs_fs_prefix</name>
            <value>/home/openca//apache/htdocs/node</value>
        </option>
        <option>
            <name>node_cgi_fs_prefix</name>
            <value>/home/openca//apache/cgi-bin/node</value>
        </option>
        <option>
            <name>ra_htdocs_fs_prefix</name>
            <value>/home/openca//apache/htdocs/ra</value>
        </option>
        <option>
            <name>ra_cgi_fs_prefix</name>
            <value>/home/openca//apache/cgi-bin/ra</value>
        </option>
        <option>
            <name>ldap_htdocs_fs_prefix</name>
            <value>/home/openca//apache/htdocs/ldap</value>
        </option>
        <option>
            <name>ldap_cgi_fs_prefix</name>
            <value>/home/openca//apache/cgi-bin/ldap</value>
        </option>
        <option>
            <name>pub_htdocs_fs_prefix</name>
            <value>/home/openca//apache/htdocs/pub</value>
        </option>
        <option>
            <name>pub_cgi_fs_prefix</name>
            <value>/home/openca//apache/cgi-bin/pub</value>
        </option>
        <option>
            <name>scep_cgi_fs_prefix</name>
            <value>/home/openca//apache/cgi-bin/scep</value>
        </option>

        <!-- ===================== -->
        <!-- configuration of SCEP -->
        <!-- ===================== -->

        <option>
            <name>SCEP_RA_CERT</name>
            <value></value>
        </option>
        <option>
            <name>SCEP_RA_KEY</name>
            <value></value>
        </option>
        <option>
            <name>SCEP_RA_PASSWD</name>
            <value></value>
        </option>

        <!-- ===================== -->
        <!-- general configuration -->
        <!-- ===================== -->

        <option>
            <name>prefix</name>
            <value>/home/openca/</value>
        </option>
        <option>
            <name>etc_prefix</name>
            <value>/home/openca//OpenCA/etc</value>
        </option>
        <option>
            <name>lib_prefix</name>
            <value>/home/openca//OpenCA/lib</value>
        </option>
        <option>
            <name>var_prefix</name>
            <value>/home/openca//OpenCA/var</value>
        </option>
        <option>
            <name>ca_prefix</name>
            <value>ca</value>
        </option>
        <option>
            <name>ldap_prefix</name>
            <value>ldap</value>
        </option>
        <option>
            <name>node_prefix</name>
            <value>node</value>
        </option>
        <option>
            <name>pub_prefix</name>
            <value>pub</value>
        </option>
        <option>
            <name>ra_prefix</name>
            <value>ra</value>
        </option>
        <option>
            <name>scep_prefix</name>
            <value>scep</value>
        </option>


        <!-- ========================== -->
        <!-- dataexchange configuration -->
        <!-- ========================== -->

        <!-- there are several templates available today                    -->
        <!--   0. no dataexchange configure - the default                   -->
        <!--        this makes only sense for an all in one box             -->
        <!--        it is strongly recommended to use this only for testing -->
        <!--   1. the node acts as CA only                                  -->
        <!--        the node exports to one or several RAs only             -->
        <!--        the node can export to LDAP too                         -->
        <!--   2. the node acts as RA only                                  -->
        <!--        the node exchange data with a CA and public/scep        -->
        <!--        the node can act as LDAP too                            -->
        <!--        the node can export to LDAP too                         -->
        <!--   3. the node acts as public/scep only                         -->
        <!--        the node exchange data with a RA                        -->
        <!--   4. the node acts as LDAP only                                -->
        <!--        the node receives data from CA or RA                    -->
        <!--   5. the node acts as public/scep and RA                       --> 
        <!--        the node echanges data with a CA only                   -->
        <!--        no support for dataexchange with additional LDAP        -->
        <!--   6. the node acts as RA and CA                                -->
        <!--        the node exchange data with public/scep                 -->
        <!--        the node can export to LDAP too                         -->
        <!--                                                                -->
        <!--   LDAP is only relevant if it is the only protocol on the node -->


        <!--   0. no dataexchange configure - the default                   -->
            <option>
              <name>enroll_ca_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_crl_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_ca_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>download_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>download_crl_states</name>
              <value></value>
            </option>
            <option>
              <name>download_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>upload_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>upload_csr_states</name>
              <value></value>
            </option>

        <!--   1. the node acts as CA only                                  -->
        <!--
            <option>
              <name>enroll_ca_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>enroll_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>enroll_crl_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>enroll_crr_states</name>
              <value>ARCHIVED DELETED APPROVED</value>
            </option>
            <option>
              <name>enroll_csr_states</name>
              <value>ARCHIVED DELETED</value>
            </option>
            <option>
              <name>enroll_mail_states</name>
              <value>CRINS DEFAULT</value>
            </option>
            <option>
              <name>receive_crr_states</name>
              <value>APPROVED</value>
            </option>
            <option>
              <name>receive_csr_states</name>
              <value>APPROVED</value>
            </option>
            <option>
              <name>download_ca_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>download_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>download_crl_states</name>
              <value></value>
            </option>
            <option>
              <name>download_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>upload_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>upload_csr_states</name>
              <value></value>
            </option>
          -->

        <!--   2. the node acts as RA only                                  -->
        <!--
            <option>
              <name>enroll_ca_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>enroll_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>enroll_crl_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>enroll_crr_states</name>
              <value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value>
            </option>
            <option>
              <name>enroll_csr_states</name>
              <value>ARCHIVED DELETED</value>
            </option>
            <option>
              <name>enroll_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_crr_states</name>
              <value>PENDING NEW</value>
            </option>
            <option>
              <name>receive_csr_states</name>
              <value>PENDING RENEW NEW</value>
            </option>
            <option>
              <name>download_ca_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_crl_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_crr_states</name>
              <value>ARCHIVED DELETED APPROVED</value>
            </option>
            <option>
              <name>download_csr_states</name>
              <value>ARCHIVED DELETED</value>
            </option>
            <option>
              <name>download_mail_states</name>
              <value>CRINS DEFAULT</value>
            </option>
            <option>
              <name>upload_crr_states</name>
              <value>APPROVED</value>
            </option>
            <option>
              <name>upload_csr_states</name>
              <value>APPROVED</value>
            </option>
          -->

        <!--   3. the node acts as public/scep only                         -->
        <!--
            <option>
              <name>enroll_ca_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_crl_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_ca_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_crl_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_crr_states</name>
              <value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value>
            </option>
            <option>
              <name>download_csr_states</name>
              <value>ARCHIVED DELETED</value>
            </option>
            <option>
              <name>download_mail_states</name>
              <value>CRINS DEFAULT</value>
            </option>
            <option>
              <name>upload_crr_states</name>
              <value>NEW</value>
            </option>
            <option>
              <name>upload_csr_states</name>
              <value>RENEW NEW</value>
            </option>
          -->

        <!--   4. the node acts as LDAP only                                -->
        <!--
            <option>
              <name>enroll_ca_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_crl_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_ca_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_crl_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_crr_states</name>
              <value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value>
            </option>
            <option>
              <name>download_csr_states</name>
              <value>ARCHIVED DELETED</value>
            </option>
            <option>
              <name>download_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>upload_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>upload_csr_states</name>
              <value></value>
            </option>
          -->

        <!--   5. the node acts as public/scep and RA                       -->
        <!--
            <option>
              <name>enroll_ca_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_crl_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>enroll_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_ca_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_crl_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>download_crr_states</name>
              <value>ARCHIVED DELETED APPROVED</value>
            </option>
            <option>
              <name>download_csr_states</name>
              <value>ARCHIVED DELETED</value>
            </option>
            <option>
              <name>download_mail_states</name>
              <value>CRINS DEFAULT</value>
            </option>
            <option>
              <name>upload_crr_states</name>
              <value>APPROVED</value>
            </option>
            <option>
              <name>upload_csr_states</name>
              <value>APPROVED</value>
            </option>
          -->

        <!--   6. the node acts as RA and CA                                -->
        <!--
            <option>
              <name>enroll_ca_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>enroll_certificate_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>enroll_crl_states</name>
              <value>VALID</value>
            </option>
            <option>
              <name>enroll_crr_states</name>
              <value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value>
            </option>
            <option>
              <name>enroll_csr_states</name>
              <value>ARCHIVED DELETED</value>
            </option>
            <option>
              <name>enroll_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>receive_crr_states</name>
              <value>PENDING NEW</value>
            </option>
            <option>
              <name>receive_csr_states</name>
              <value>PENDING RENEW NEW</value>
            </option>
            <option>
              <name>download_ca_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>download_certificate_states</name>
              <value></value>
            </option>
            <option>
              <name>download_crl_states</name>
              <value></value>
            </option>
            <option>
              <name>download_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_csr_states</name>
              <value></value>
            </option>
            <option>
              <name>download_mail_states</name>
              <value></value>
            </option>
            <option>
              <name>upload_crr_states</name>
              <value></value>
            </option>
            <option>
              <name>upload_csr_states</name>
              <value></value>
            </option>
          -->


    </software_config>
</openca>

Reply via email to