I am new to OpenCA and want to "setup two management interfaces on one server", as described in openca-0.9.2-RC3/docs/guide/html_chunked/ch03s04.html#id2885425
My installation history.
First the online part:
rossi> ./configure --prefix=/home/openca/ --with-openssl-prefix=/usr/local/ssl/ --with-openca-user=openca --with-openca-group=users --with-httpd-user=nobody --with-httpd-group=nobody
rossi> make; make install-online;
rossi> cd ~openca/OpenCA/etc/
rossi> joe config.xml
rossi> cd ~openca/OpenCA/
rossi> chmod 000 etc/servers/*.conf*
Now the offline part:
rossi> cd ~openca/openca-0.9.2-RC3/
rossi> ./configure --prefix=/home/openca/ --with-openssl-prefix=/usr/local/ssl/ --with-openca-user=openca --with-openca-group=users --with-httpd-user=nobody --with-httpd-group=nobody
rossi> make
rossi> make install-offline
rossi> cd ~openca/OpenCA/etc/
rossi> joe config.xml
Notice: config.xml is not changed, see Attachment.
All works fine until I want to edit etc/configure_etc.sh. It is not clear how to change etc/configure_etc.sh.
In my configure_etc.sh I found:
for DIRECTORY in /home/openca//OpenCA/etc /home/openca//OpenCA/lib /home/openca//apache/htdocs/ca /home/openca//apache/htdocs/ra /home/openca//apache/htdoc do
but in the documentation it is said there "should" be directories like
/Test/OpenCA/etc/ /Test/OpenCA/lib/servers/ca_node /Test/OpenCA/lib/servers/ca /Test/htdocs/ca /Test/htdocs/ca_node
I have no ca_node.
What went wrong, if anything?
Bye Michael
<openca>
<software_config>

    <!--
        ########################################################
                             USAGE WARNING
        ########################################################

        If you change this file then you must change all files in etc
        which have the suffix .template. Please do this with the script
        openca-configure.

        Example:
            template: servers/ca.conf.template
            openca-configure config.xml servers/ca.conf.template servers/ca.conf

        If you don't do this then you have an inconsistent OpenCA
        installation. So this warning is serious.

        You can update all templates with a simple bash script.
        configure_etc.sh is such a script and demonstrates the usage of
        openca-configure.

        2003-Mar-12, Michael Bell <[EMAIL PROTECTED]>
    -->

    <prefix>@</prefix>
    <suffix>@</suffix>

    <!-- =========== -->
    <!-- HSM support -->
    <!-- =========== -->

    <option> <name>openssl_engine</name> <value></value> </option>
    <option> <name>hsm_utility</name> <value></value> </option>
    <option> <name>hsm_slot</name> <value></value> </option>
    <option> <name>appid</name> <value></value> </option>

    <!-- =============== -->
    <!-- general options -->
    <!-- =============== -->

    <option> <name>default_language</name> <value>de</value> </option>
    <option> <name>default_charset</name> <value>iso-8859-1</value> </option>
    <option> <name>ca_organization</name> <value>Schlund</value> </option>
    <option> <name>ca_locality</name> <value>Karlsruhe</value> </option>
    <option> <name>ca_country</name> <value>Germany</value> </option>
    <option> <name>sendmail</name> <value>/usr/lib/sendmail -n -t </value> </option>
    <option> <name>send_mail_automatic</name> <value>no</value> </option>
    <option> <name>service_mail_account</name> <value>[EMAIL PROTECTED]</value> </option>
    <option> <name>policy_link</name> <value>https://rossi.ue.schlund.de/pub/policy.html</value> </option>

    <!-- ======================== -->
    <!-- web server configuration -->
    <!-- ======================== -->

    <option> <name>httpd_protocol</name> <value>https</value> </option>
    <option> <name>httpd_host</name> <value>rossi.ue.schlund.de</value> </option>
    <option>
        <!-- please include the colon if you specify a port -->
        <!-- please remember this is dependent on httpd_protocol -->
        <name>httpd_port</name>
        <value>:443</value>
    </option>
    <option>
        <name>menu_logo_left</name>
        <value>
            <!-- Here you can put references to the logo, you can use any html
                 reference you want but please keep in mind that:
                 no <> are allowed, use instead &lt; and &gt; respectively.
                 example: <img src="https://xyz.org/mylogo.jpg" alt="XYZ Logo"/> -->
        </value>
    </option>
    <option>
        <name>menu_logo_right</name>
        <a href="__HTDOCS_PREFIX__/thanks.html">
            <img src="__HTDOCS_PREFIX__/images/openca-logo.png" alt="OpenCA Logo"/>
        </a>
        <value></value>
    </option>
    <option>
        <!-- You can add more CDPs here. Please enter one CDP per line.
             This is the content of an OpenSSL configuration section.
             Example:
                 URI.1=http://cdp1.xyz.de/pub/crl/cacrl.crl
                 URI.2=ldap://cdp2.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE
                 URI.3=http://cdp2.xyz.de/pub/crl/cacrl.crl
                 URI.4=ldap://cdp1.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE -->
        <name>CRLDistributionPoints</name>
        <value>
            URI.1=http://rossi.ue.schlund.de/pub/crl/cacrl.crl
        </value>
    </option>
    <option> <name>NS_CRLDistributionPoint</name> <value>http://rossi.ue.schlund.de/pub/crl/cacrl.crl</value> </option>

    <!-- ========================= -->
    <!-- ldap server configuration -->
    <!-- ========================= -->

    <option> <name>ldap_host</name> <value></value> </option>
    <option> <name>ldap_port</name> <value>389</value> </option>
    <option> <name>ldaproot</name> <value></value> </option>
    <option> <name>ldaprootpwd</name> <value></value> </option>
    <option> <name>useLDAP</name> <value>no</value> </option>
    <option> <name>update_ldap_automatic</name> <value>no</value> </option>

    <!-- ====================== -->
    <!-- database configuration -->
    <!-- ====================== -->

    <option>
        <name>dbmodule</name>
        <!-- you can use DB or DBI -->
        <value>DB</value>
    </option>
    <option> <name>db_type</name> <value>Pg</value> </option>
    <option> <name>db_name</name> <value>openca</value> </option>
    <option> <name>db_host</name> <value>localhost</value> </option>
    <option> <name>db_port</name> <value>5432</value> </option>
    <option> <name>db_user</name> <value>openca</value> </option>
    <option> <name>db_passwd</name> <value></value> </option>

    <!-- ==================== -->
    <!-- module configuration -->
    <!-- ==================== -->

    <option>
        <name>module_shift</name>
        <!-- 8 bits are enough for IDs from 0 to 255 -->
        <!-- please remember that 0 is the ID of the CA -->
        <value>8</value>
    </option>
    <option> <name>ra_module_id</name> <value>1</value> </option>
    <option> <name>ldap_module_id</name> <value>2</value> </option>
    <option> <name>node_module_id</name> <value>3</value> </option>
    <option> <name>pub_module_id</name> <value>32</value> </option>
    <option> <name>scep_module_id</name> <value>33</value> </option>

    <!-- =============================== -->
    <!-- configuration of relative paths -->
    <!-- =============================== -->

    <option> <name>ca_htdocs_url_prefix</name> <value>/ca</value> </option>
    <option> <name>ca_cgi_url_prefix</name> <value>/cgi-bin/ca</value> </option>
    <option> <name>node_htdocs_url_prefix</name> <value>/node</value> </option>
    <option> <name>node_cgi_url_prefix</name> <value>/cgi-bin/node</value> </option>
    <option> <name>ra_htdocs_url_prefix</name> <value>/ra</value> </option>
    <option> <name>ra_cgi_url_prefix</name> <value>/cgi-bin/ra</value> </option>
    <option> <name>ldap_htdocs_url_prefix</name> <value>/ldap</value> </option>
    <option> <name>ldap_cgi_url_prefix</name> <value>/cgi-bin/ldap</value> </option>
    <option> <name>pub_htdocs_url_prefix</name> <value>/pub</value> </option>
    <option> <name>pub_cgi_url_prefix</name> <value>/cgi-bin/pub</value> </option>
    <option> <name>scep_cgi_url_prefix</name> <value>/cgi-bin/scep</value> </option>

    <!-- =============================== -->
    <!-- configuration of absolute paths -->
    <!-- =============================== -->

    <option> <name>ca_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/ca</value> </option>
    <option> <name>ca_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/ca</value> </option>
    <option> <name>node_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/node</value> </option>
    <option> <name>node_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/node</value> </option>
    <option> <name>ra_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/ra</value> </option>
    <option> <name>ra_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/ra</value> </option>
    <option> <name>ldap_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/ldap</value> </option>
    <option> <name>ldap_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/ldap</value> </option>
    <option> <name>pub_htdocs_fs_prefix</name> <value>/home/openca//apache/htdocs/pub</value> </option>
    <option> <name>pub_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/pub</value> </option>
    <option> <name>scep_cgi_fs_prefix</name> <value>/home/openca//apache/cgi-bin/scep</value> </option>

    <!-- ===================== -->
    <!-- configuration of SCEP -->
    <!-- ===================== -->

    <option> <name>SCEP_RA_CERT</name> <value></value> </option>
    <option> <name>SCEP_RA_KEY</name> <value></value> </option>
    <option> <name>SCEP_RA_PASSWD</name> <value></value> </option>

    <!-- ===================== -->
    <!-- general configuration -->
    <!-- ===================== -->

    <option> <name>prefix</name> <value>/home/openca/</value> </option>
    <option> <name>etc_prefix</name> <value>/home/openca//OpenCA/etc</value> </option>
    <option> <name>lib_prefix</name> <value>/home/openca//OpenCA/lib</value> </option>
    <option> <name>var_prefix</name> <value>/home/openca//OpenCA/var</value> </option>
    <option> <name>ca_prefix</name> <value>ca</value> </option>
    <option> <name>ldap_prefix</name> <value>ldap</value> </option>
    <option> <name>node_prefix</name> <value>node</value> </option>
    <option> <name>pub_prefix</name> <value>pub</value> </option>
    <option> <name>ra_prefix</name> <value>ra</value> </option>
    <option> <name>scep_prefix</name> <value>scep</value> </option>

    <!-- ========================== -->
    <!-- dataexchange configuration -->
    <!-- ========================== -->

    <!-- there are several templates available today -->
    <!-- 0. no dataexchange configure - the default -->
    <!--    this makes only sense for an all in one box -->
    <!--    it is strongly recommended to use this only for testing -->
    <!-- 1. the node acts as CA only -->
    <!--    the node exports to one or several RAs only -->
    <!--    the node can export to LDAP too -->
    <!-- 2. the node acts as RA only -->
    <!--    the node exchange data with a CA and public/scep -->
    <!--    the node can act as LDAP too -->
    <!--    the node can export to LDAP too -->
    <!-- 3. the node acts as public/scep only -->
    <!--    the node exchange data with a RA -->
    <!-- 4. the node acts as LDAP only -->
    <!--    the node receives data from CA or RA -->
    <!-- 5. the node acts as public/scep and RA -->
    <!--    the node exchanges data with a CA only -->
    <!--    no support for dataexchange with additional LDAP -->
    <!-- 6. the node acts as RA and CA -->
    <!--    the node exchange data with public/scep -->
    <!--    the node can export to LDAP too -->
    <!-- -->
    <!-- LDAP is only relevant if it is the only protocol on the node -->

    <!-- 0. no dataexchange configure - the default -->

    <option> <name>enroll_ca_certificate_states</name> <value></value> </option>
    <option> <name>enroll_certificate_states</name> <value></value> </option>
    <option> <name>enroll_crl_states</name> <value></value> </option>
    <option> <name>enroll_crr_states</name> <value></value> </option>
    <option> <name>enroll_csr_states</name> <value></value> </option>
    <option> <name>enroll_mail_states</name> <value></value> </option>
    <option> <name>receive_crr_states</name> <value></value> </option>
    <option> <name>receive_csr_states</name> <value></value> </option>
    <option> <name>download_ca_certificate_states</name> <value></value> </option>
    <option> <name>download_certificate_states</name> <value></value> </option>
    <option> <name>download_crl_states</name> <value></value> </option>
    <option> <name>download_crr_states</name> <value></value> </option>
    <option> <name>download_csr_states</name> <value></value> </option>
    <option> <name>download_mail_states</name> <value></value> </option>
    <option> <name>upload_crr_states</name> <value></value> </option>
    <option> <name>upload_csr_states</name> <value></value> </option>

    <!-- 1. the node acts as CA only -->

    <!--
    <option> <name>enroll_ca_certificate_states</name> <value>VALID</value> </option>
    <option> <name>enroll_certificate_states</name> <value>VALID</value> </option>
    <option> <name>enroll_crl_states</name> <value>VALID</value> </option>
    <option> <name>enroll_crr_states</name> <value>ARCHIVED DELETED APPROVED</value> </option>
    <option> <name>enroll_csr_states</name> <value>ARCHIVED DELETED</value> </option>
    <option> <name>enroll_mail_states</name> <value>CRINS DEFAULT</value> </option>
    <option> <name>receive_crr_states</name> <value>APPROVED</value> </option>
    <option> <name>receive_csr_states</name> <value>APPROVED</value> </option>
    <option> <name>download_ca_certificate_states</name> <value></value> </option>
    <option> <name>download_certificate_states</name> <value></value> </option>
    <option> <name>download_crl_states</name> <value></value> </option>
    <option> <name>download_crr_states</name> <value></value> </option>
    <option> <name>download_csr_states</name> <value></value> </option>
    <option> <name>download_mail_states</name> <value></value> </option>
    <option> <name>upload_crr_states</name> <value></value> </option>
    <option> <name>upload_csr_states</name> <value></value> </option>
    -->

    <!-- 2. the node acts as RA only -->

    <!--
    <option> <name>enroll_ca_certificate_states</name> <value>VALID</value> </option>
    <option> <name>enroll_certificate_states</name> <value>VALID</value> </option>
    <option> <name>enroll_crl_states</name> <value>VALID</value> </option>
    <option> <name>enroll_crr_states</name> <value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value> </option>
    <option> <name>enroll_csr_states</name> <value>ARCHIVED DELETED</value> </option>
    <option> <name>enroll_mail_states</name> <value></value> </option>
    <option> <name>receive_crr_states</name> <value>PENDING NEW</value> </option>
    <option> <name>receive_csr_states</name> <value>PENDING RENEW NEW</value> </option>
    <option> <name>download_ca_certificate_states</name> <value>VALID</value> </option>
    <option> <name>download_certificate_states</name> <value>VALID</value> </option>
    <option> <name>download_crl_states</name> <value>VALID</value> </option>
    <option> <name>download_crr_states</name> <value>ARCHIVED DELETED APPROVED</value> </option>
    <option> <name>download_csr_states</name> <value>ARCHIVED DELETED</value> </option>
    <option> <name>download_mail_states</name> <value>CRINS DEFAULT</value> </option>
    <option> <name>upload_crr_states</name> <value>APPROVED</value> </option>
    <option> <name>upload_csr_states</name> <value>APPROVED</value> </option>
    -->

    <!-- 3. the node acts as public/scep only -->

    <!--
    <option> <name>enroll_ca_certificate_states</name> <value></value> </option>
    <option> <name>enroll_certificate_states</name> <value></value> </option>
    <option> <name>enroll_crl_states</name> <value></value> </option>
    <option> <name>enroll_crr_states</name> <value></value> </option>
    <option> <name>enroll_csr_states</name> <value></value> </option>
    <option> <name>enroll_mail_states</name> <value></value> </option>
    <option> <name>receive_crr_states</name> <value></value> </option>
    <option> <name>receive_csr_states</name> <value></value> </option>
    <option> <name>download_ca_certificate_states</name> <value>VALID</value> </option>
    <option> <name>download_certificate_states</name> <value>VALID</value> </option>
    <option> <name>download_crl_states</name> <value>VALID</value> </option>
    <option> <name>download_crr_states</name> <value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value> </option>
    <option> <name>download_csr_states</name> <value>ARCHIVED DELETED</value> </option>
    <option> <name>download_mail_states</name> <value>CRINS DEFAULT</value> </option>
    <option> <name>upload_crr_states</name> <value>NEW</value> </option>
    <option> <name>upload_csr_states</name> <value>RENEW NEW</value> </option>
    -->

    <!-- 4. the node acts as LDAP only -->

    <!--
    <option> <name>enroll_ca_certificate_states</name> <value></value> </option>
    <option> <name>enroll_certificate_states</name> <value></value> </option>
    <option> <name>enroll_crl_states</name> <value></value> </option>
    <option> <name>enroll_crr_states</name> <value></value> </option>
    <option> <name>enroll_csr_states</name> <value></value> </option>
    <option> <name>enroll_mail_states</name> <value></value> </option>
    <option> <name>receive_crr_states</name> <value></value> </option>
    <option> <name>receive_csr_states</name> <value></value> </option>
    <option> <name>download_ca_certificate_states</name> <value>VALID</value> </option>
    <option> <name>download_certificate_states</name> <value>VALID</value> </option>
    <option> <name>download_crl_states</name> <value>VALID</value> </option>
    <option> <name>download_crr_states</name> <value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value> </option>
    <option> <name>download_csr_states</name> <value>ARCHIVED DELETED</value> </option>
    <option> <name>download_mail_states</name> <value></value> </option>
    <option> <name>upload_crr_states</name> <value></value> </option>
    <option> <name>upload_csr_states</name> <value></value> </option>
    -->

    <!-- 5. the node acts as public/scep and RA -->

    <!--
    <option> <name>enroll_ca_certificate_states</name> <value></value> </option>
    <option> <name>enroll_certificate_states</name> <value></value> </option>
    <option> <name>enroll_crl_states</name> <value></value> </option>
    <option> <name>enroll_crr_states</name> <value></value> </option>
    <option> <name>enroll_csr_states</name> <value></value> </option>
    <option> <name>enroll_mail_states</name> <value></value> </option>
    <option> <name>receive_crr_states</name> <value></value> </option>
    <option> <name>receive_csr_states</name> <value></value> </option>
    <option> <name>download_ca_certificate_states</name> <value>VALID</value> </option>
    <option> <name>download_certificate_states</name> <value>VALID</value> </option>
    <option> <name>download_crl_states</name> <value>VALID</value> </option>
    <option> <name>download_crr_states</name> <value>ARCHIVED DELETED APPROVED</value> </option>
    <option> <name>download_csr_states</name> <value>ARCHIVED DELETED</value> </option>
    <option> <name>download_mail_states</name> <value>CRINS DEFAULT</value> </option>
    <option> <name>upload_crr_states</name> <value>APPROVED</value> </option>
    <option> <name>upload_csr_states</name> <value>APPROVED</value> </option>
    -->

    <!-- 6. the node acts as RA and CA -->

    <!--
    <option> <name>enroll_ca_certificate_states</name> <value>VALID</value> </option>
    <option> <name>enroll_certificate_states</name> <value>VALID</value> </option>
    <option> <name>enroll_crl_states</name> <value>VALID</value> </option>
    <option> <name>enroll_crr_states</name> <value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value> </option>
    <option> <name>enroll_csr_states</name> <value>ARCHIVED DELETED</value> </option>
    <option> <name>enroll_mail_states</name> <value></value> </option>
    <option> <name>receive_crr_states</name> <value>PENDING NEW</value> </option>
    <option> <name>receive_csr_states</name> <value>PENDING RENEW NEW</value> </option>
    <option> <name>download_ca_certificate_states</name> <value></value> </option>
    <option> <name>download_certificate_states</name> <value></value> </option>
    <option> <name>download_crl_states</name> <value></value> </option>
    <option> <name>download_crr_states</name> <value></value> </option>
    <option> <name>download_csr_states</name> <value></value> </option>
    <option> <name>download_mail_states</name> <value></value> </option>
    <option> <name>upload_crr_states</name> <value></value> </option>
    <option> <name>upload_csr_states</name> <value></value> </option>
    -->

</software_config>
</openca>
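
The usage warning in the attached config.xml says that every file in etc with the suffix .template must be regenerated after config.xml changes, otherwise the installation is inconsistent. The following check for that condition is an added example, not part of the original post and not OpenCA code; the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of OpenCA. Assumption: every "X.template" below the
# etc directory is the source of a generated file "X" in the same directory.

# Print "MISSING <file>" or "STALE <file>" for each generated file that does
# not exist or is older than config.xml or than its own template.
# Only file metadata is read, so files set to mode 000 are checked as well.
stale_outputs() {
    etc_dir=$1
    config="$etc_dir/config.xml"
    [ -f "$config" ] || { echo "no config.xml in $etc_dir" >&2; return 2; }
    find "$etc_dir" -type f -name '*.template' | sort |
    while IFS= read -r tpl; do
        out=${tpl%.template}
        if [ ! -e "$out" ]; then
            echo "MISSING $out"
        elif [ "$config" -nt "$out" ] || [ "$tpl" -nt "$out" ]; then
            echo "STALE $out"
        fi
    done
}

# Constructed sample tree (file names are illustrative):
#   ca.conf   generated after the last config.xml edit  -> up to date
#   ra.conf   generated before the last config.xml edit -> stale
#   node.conf never generated                           -> missing
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/servers"
    for n in ca ra node; do
        touch -t 202001010000 "$d/servers/$n.conf.template"
    done
    touch -t 202001020000 "$d/servers/ra.conf"
    touch -t 202001030000 "$d/config.xml"
    touch -t 202001040000 "$d/servers/ca.conf"
    echo "$d"
}

# Check the directory given as first argument, or the constructed tree.
if [ -n "${1:-}" ]; then
    stale_outputs "$1"
else
    demo=$(make_demo_tree) && stale_outputs "$demo"
    rm -rf "$demo"
fi
```

Each file reported here is regenerated with the openca-configure call shown in the usage warning (config.xml, then the template, then the output file).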