I am new to OpenCA and want to "setup two management interfaces on one server", as described in openca-0.9.2-RC3/docs/guide/html_chunked/ch03s04.html#id2885425
My installation history.
First the online-Part:
rossi> ./configure --prefix=/home/openca/ --with-openssl-prefix=/usr/local/ssl/--with-openca-user=openca --with-openca-group=users --with-httpd-user=nobody --with-httpd-group=nobody
rossi> make; make install-online;
rossi> cd ~openca/OpenCA/etc/
rossi> joe config.xml
rossi> cd ~openca/OpenCA/
rossi> chmod 000 etc/servers/*.conf*
Now the offline part:
rossi> cd ~openca/openca-0.9.2-RC3/
rossi> ./configure --prefix=/home/openca/ --with-openssl-prefix=/usr/local/ssl/ --with-openca-user=openca --with-openca-group=users --with-httpd-user=nobody --with-httpd-group=nobody
rossi> make
rossi> make install-offline
rossi> cd ~openca/OpenCA/etc/
rossi> joe config.xml
Notice: config.xml is not changed, see Attachment.
Everything works fine until I want to edit etc/configure_etc.sh. It is not clear how to change etc/configure_etc.sh.
In my configure_etc.sh I found:
for DIRECTORY in /home/openca//OpenCA/etc /home/openca//OpenCA/lib /home/openca//apache/htdocs/ca /home/openca//apache/htdocs/ra /home/openca//apache/htdoc do
but in the documentation it is said there "should" be directories like
/Test/OpenCA/etc/ /Test/OpenCA/lib/servers/ca_node /Test/OpenCA/lib/servers/ca /Test/htdocs/ca /Test/htdocs/ca_node
I have no ca_node.
What went wrong, if anything?
Bye Michael
<openca>
<software_config>
<!--
########################################################
USAGE WARNING
########################################################
If you change this file then you must change all files in
etc which have the suffix .template. Please do this with
the script openca-configure.
Example:
template: servers/ca.conf.template
openca-configure config.xml servers/ca.conf.template servers/ca.conf
If you don't do this then you have an inconsistent
OpenCA installation. So this warning is serious.
You can update all templates with a simple bash script.
configure_etc.sh is such a script and demonstrates the
usage of openca-configure.
2003-Mar-12, Michael Bell <[EMAIL PROTECTED]>
-->
<!-- Marker characters, both set to "@".
NOTE(review): presumably openca-configure uses them to recognise option
names inside the .template files (prefix before the name, suffix after
it); confirm against one of the templates. -->
<prefix>@</prefix>
<suffix>@</suffix>
<!-- =========== -->
<!-- HSM support -->
<!-- =========== -->
<!-- Four options describing a hardware security module: the OpenSSL
engine name, an HSM utility, a slot and an application id. All four are
empty in this file.
NOTE(review): with every value empty no engine or HSM slot is named, so
presumably the CA private key is held in software on this host. Confirm,
and if so treat file-system protection of the key as the main control. -->
<option>
<name>openssl_engine</name>
<value></value>
</option>
<option>
<name>hsm_utility</name>
<value></value>
</option>
<option>
<name>hsm_slot</name>
<value></value>
</option>
<option>
<name>appid</name>
<value></value>
</option>
<!-- =============== -->
<!-- general options -->
<!-- =============== -->
<!-- Site-wide defaults: interface language and charset, the CA's
organization, locality and country, outgoing mail settings and the link
to the published policy. -->
<option>
<name>default_language</name>
<value>de</value>
</option>
<option>
<name>default_charset</name>
<value>iso-8859-1</value>
</option>
<option>
<name>ca_organization</name>
<value>Schlund</value>
</option>
<option>
<name>ca_locality</name>
<value>Karlsruhe</value>
</option>
<option>
<!-- NOTE(review): if this value ends up as the C component of the CA
distinguished name, X.509 expects the two-letter ISO 3166 code (DE, as in
the c=DE of the CDP example further down in this file) rather than the
country name. Confirm how OpenCA uses it. -->
<name>ca_country</name>
<value>Germany</value>
</option>
<option>
<!-- Command line used to hand mail to the local MTA. The value ends with
a space, which is part of the value as written. With -t sendmail takes
the recipients from the message headers.
NOTE(review): presumably OpenCA builds those headers from request data;
confirm that addresses are validated before they reach this command. -->
<name>sendmail</name>
<value>/usr/lib/sendmail -n -t </value>
</option>
<option>
<name>send_mail_automatic</name>
<value>no</value>
</option>
<option>
<!-- NOTE(review): the value appears to have been masked by the mailing
list archive; the address actually configured is not visible here. -->
<name>service_mail_account</name>
<value>[EMAIL PROTECTED]</value>
</option>
<option>
<name>policy_link</name>
<value>https://rossi.ue.schlund.de/pub/policy.html</value>
</option>
<!-- ======================== -->
<!-- web server configuration -->
<!-- ======================== -->
<!-- Protocol, host name and port of the web server that serves the
OpenCA interfaces. Here: https on rossi.ue.schlund.de, port 443. -->
<option>
<name>httpd_protocol</name>
<value>https</value>
</option>
<option>
<name>httpd_host</name>
<value>rossi.ue.schlund.de</value>
</option>
<option>
<!-- please include the colon if you specify a port -->
<!-- please remember that the port depends on httpd_protocol -->
<name>httpd_port</name>
<value>:443</value>
</option>
<option>
<name>menu_logo_left</name>
<value>
<!-- Here you can put references to the logo, you can use
any html reference you want but please keep in mind that:
no raw < or > characters are allowed, use &lt; and &gt; instead.
example:
&lt;img src="https://xyz.org/mylogo.jpg" alt="XYZ Logo"/&gt;
-->
</value>
</option>
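<option>
<!-- HTML shown as the right-hand menu logo. The markup is the option's
value, so it has to sit inside <value> with every angle bracket written
as an entity (&lt; and &gt;). As posted, the link was a raw child element
next to an empty <value>, which leaves the option without a value; it
looks as if the entities were decoded in transit. __HTDOCS_PREFIX__ is a
placeholder kept exactly as found. -->
<name>menu_logo_right</name>
<value>
&lt;a href="__HTDOCS_PREFIX__/thanks.html"&gt;
&lt;img src="__HTDOCS_PREFIX__/images/openca-logo.png" alt="OpenCA Logo"/&gt;
&lt;/a&gt;
</value>
</option>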
<!-- CRL distribution points for issued certificates.
NOTE(review): both CRL URLs use plain http on the default port, while
httpd_protocol and httpd_port in this file are https and :443 for the
same host. CRLs are signed by the CA, so fetching them over http is
normal practice, but the host must then also answer on http for
/pub/crl, otherwise relying parties cannot retrieve the CRL. Confirm the
web server is set up that way. -->
<option>
<!--
You can add more CDPs here. Please enter one CDP per line.
This is the content of an OpenSSL configuration section.
Example:
URI.1=http://cdp1.xyz.de/pub/crl/cacrl.crl
URI.2=ldap://cdp2.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE
URI.3=http://cdp2.xyz.de/pub/crl/cacrl.crl
URI.4=ldap://cdp1.xyz.de/cn=CA,ou=Trustcenter,o=XYZ,c=DE
-->
<name>CRLDistributionPoints</name>
<value>
URI.1=http://rossi.ue.schlund.de/pub/crl/cacrl.crl
</value>
</option>
<option>
<!-- Single URL form of the same CRL location; the name suggests the
Netscape certificate extension (presumably; confirm). -->
<name>NS_CRLDistributionPoint</name>
<value>http://rossi.ue.schlund.de/pub/crl/cacrl.crl</value>
</option>
<!-- ========================= -->
<!-- ldap server configuration -->
<!-- ========================= -->
<!-- Connection data for a directory server. LDAP is switched off here
(useLDAP is no) and host, root DN and password are empty. -->
<option>
<name>ldap_host</name>
<value></value>
</option>
<option>
<!-- 389 is the standard port for LDAP without TLS.
NOTE(review): whether OpenCA protects the bind with TLS is not visible in
this file; confirm before sending the root password over the network. -->
<name>ldap_port</name>
<value>389</value>
</option>
<option>
<name>ldaproot</name>
<value></value>
</option>
<option>
<!-- Once set, the directory root password is stored here in clear text.
NOTE(review): presumably openca-configure copies it into the generated
configuration files as well, so this file and the generated ones need
restrictive permissions. Confirm. -->
<name>ldaprootpwd</name>
<value></value>
</option>
<option>
<name>useLDAP</name>
<value>no</value>
</option>
<option>
<name>update_ldap_automatic</name>
<value>no</value>
</option>
<!-- ====================== -->
<!-- database configuration -->
<!-- ====================== -->
<!-- Storage backend selection and connection data. -->
<option>
<name>dbmodule</name>
<!-- you can use DB or DBI -->
<!-- NOTE(review): with DB selected the db_* connection options below are
presumably not used; confirm. -->
<value>DB</value>
</option>
<option>
<name>db_type</name>
<value>Pg</value>
</option>
<option>
<name>db_name</name>
<value>openca</value>
</option>
<option>
<name>db_host</name>
<value>localhost</value>
</option>
<option>
<!-- 5432 is the default PostgreSQL port, matching db_type Pg. -->
<name>db_port</name>
<value>5432</value>
</option>
<option>
<name>db_user</name>
<value>openca</value>
</option>
<option>
<!-- Empty here. Once set, the database password is stored in clear text
in this file.
NOTE(review): presumably it is also written into the files generated by
openca-configure; keep both readable only by the accounts that need
them. Confirm. -->
<name>db_passwd</name>
<value></value>
</option>
<!-- ==================== -->
<!-- module configuration -->
<!-- ==================== -->
<!-- Numeric IDs of the OpenCA modules. module_shift gives the number of
bits reserved for a module ID; the IDs set below (1, 2, 3, 32, 33) all
fit into the 0 to 255 range that 8 bits allow. -->
<option>
<name>module_shift</name>
<!-- 8 bits are enough for IDs from 0 to 255 -->
<!-- please remember that 0 is the ID of the CA -->
<value>8</value>
</option>
<option>
<name>ra_module_id</name>
<value>1</value>
</option>
<option>
<name>ldap_module_id</name>
<value>2</value>
</option>
<option>
<name>node_module_id</name>
<value>3</value>
</option>
<option>
<name>pub_module_id</name>
<value>32</value>
</option>
<option>
<name>scep_module_id</name>
<value>33</value>
</option>
<!-- =============================== -->
<!-- configuration of relative paths -->
<!-- =============================== -->
<!-- URL path prefixes of each interface: one for static pages (htdocs)
and one for CGI scripts. scep has a CGI prefix only.
NOTE(review): every interface, including ca, node and ra, gets a path on
the same web server as pub and scep. Nothing in this file restricts who
may reach /ca, /node or /ra; presumably that has to be enforced in the
web server configuration. Confirm. -->
<option>
<name>ca_htdocs_url_prefix</name>
<value>/ca</value>
</option>
<option>
<name>ca_cgi_url_prefix</name>
<value>/cgi-bin/ca</value>
</option>
<option>
<name>node_htdocs_url_prefix</name>
<value>/node</value>
</option>
<option>
<name>node_cgi_url_prefix</name>
<value>/cgi-bin/node</value>
</option>
<option>
<name>ra_htdocs_url_prefix</name>
<value>/ra</value>
</option>
<option>
<name>ra_cgi_url_prefix</name>
<value>/cgi-bin/ra</value>
</option>
<option>
<name>ldap_htdocs_url_prefix</name>
<value>/ldap</value>
</option>
<option>
<name>ldap_cgi_url_prefix</name>
<value>/cgi-bin/ldap</value>
</option>
<option>
<name>pub_htdocs_url_prefix</name>
<value>/pub</value>
</option>
<option>
<name>pub_cgi_url_prefix</name>
<value>/cgi-bin/pub</value>
</option>
<option>
<name>scep_cgi_url_prefix</name>
<value>/cgi-bin/scep</value>
</option>
<!-- =============================== -->
<!-- configuration of absolute paths -->
<!-- =============================== -->
<!-- File-system directories behind the URL prefixes: htdocs and cgi-bin
for each interface, all below /home/openca//apache.
The doubled slash presumably comes from the install prefix ending in a
slash (the prefix option in this file is /home/openca/); on POSIX systems
a doubled slash inside a path resolves like a single one. -->
<option>
<name>ca_htdocs_fs_prefix</name>
<value>/home/openca//apache/htdocs/ca</value>
</option>
<option>
<name>ca_cgi_fs_prefix</name>
<value>/home/openca//apache/cgi-bin/ca</value>
</option>
<option>
<name>node_htdocs_fs_prefix</name>
<value>/home/openca//apache/htdocs/node</value>
</option>
<option>
<name>node_cgi_fs_prefix</name>
<value>/home/openca//apache/cgi-bin/node</value>
</option>
<option>
<name>ra_htdocs_fs_prefix</name>
<value>/home/openca//apache/htdocs/ra</value>
</option>
<option>
<name>ra_cgi_fs_prefix</name>
<value>/home/openca//apache/cgi-bin/ra</value>
</option>
<option>
<name>ldap_htdocs_fs_prefix</name>
<value>/home/openca//apache/htdocs/ldap</value>
</option>
<option>
<name>ldap_cgi_fs_prefix</name>
<value>/home/openca//apache/cgi-bin/ldap</value>
</option>
<option>
<name>pub_htdocs_fs_prefix</name>
<value>/home/openca//apache/htdocs/pub</value>
</option>
<option>
<name>pub_cgi_fs_prefix</name>
<value>/home/openca//apache/cgi-bin/pub</value>
</option>
<option>
<name>scep_cgi_fs_prefix</name>
<value>/home/openca//apache/cgi-bin/scep</value>
</option>
<!-- ===================== -->
<!-- configuration of SCEP -->
<!-- ===================== -->
<!-- Certificate, key and key password used by the SCEP interface. All
three are empty in this file.
NOTE(review): SCEP_RA_PASSWD would sit in clear text next to the
reference to the key it protects, so anyone who can read this file (and
presumably the files generated from it) can use that key. Confirm which
accounts can read both. -->
<option>
<name>SCEP_RA_CERT</name>
<value></value>
</option>
<option>
<name>SCEP_RA_KEY</name>
<value></value>
</option>
<option>
<name>SCEP_RA_PASSWD</name>
<value></value>
</option>
<!-- ===================== -->
<!-- general configuration -->
<!-- ===================== -->
<!-- Installation prefix, the etc, lib and var directories below it, and
the short name of each interface. The short names match the last path
component of the URL and file-system prefixes set elsewhere in this file
(ca, ldap, node, pub, ra, scep). -->
<option>
<!-- Ends with a slash, which presumably explains the doubled slash in
the paths derived from it. -->
<name>prefix</name>
<value>/home/openca/</value>
</option>
<option>
<name>etc_prefix</name>
<value>/home/openca//OpenCA/etc</value>
</option>
<option>
<name>lib_prefix</name>
<value>/home/openca//OpenCA/lib</value>
</option>
<option>
<name>var_prefix</name>
<value>/home/openca//OpenCA/var</value>
</option>
<option>
<name>ca_prefix</name>
<value>ca</value>
</option>
<option>
<name>ldap_prefix</name>
<value>ldap</value>
</option>
<option>
<name>node_prefix</name>
<value>node</value>
</option>
<option>
<name>pub_prefix</name>
<value>pub</value>
</option>
<option>
<name>ra_prefix</name>
<value>ra</value>
</option>
<option>
<name>scep_prefix</name>
<value>scep</value>
</option>
<!-- ========================== -->
<!-- dataexchange configuration -->
<!-- ========================== -->
<!-- there are several templates available today -->
<!-- 0. no dataexchange configure - the default -->
<!-- this makes only sense for an all in one box -->
<!-- it is strongly recommended to use this only for testing -->
<!-- 1. the node acts as CA only -->
<!-- the node exports to one or several RAs only -->
<!-- the node can export to LDAP too -->
<!-- 2. the node acts as RA only -->
<!-- the node exchange data with a CA and public/scep -->
<!-- the node can act as LDAP too -->
<!-- the node can export to LDAP too -->
<!-- 3. the node acts as public/scep only -->
<!-- the node exchange data with a RA -->
<!-- 4. the node acts as LDAP only -->
<!-- the node receives data from CA or RA -->
<!-- 5. the node acts as public/scep and RA -->
<!-- the node exchanges data with a CA only -->
<!-- no support for dataexchange with additional LDAP -->
<!-- 6. the node acts as RA and CA -->
<!-- the node exchange data with public/scep -->
<!-- the node can export to LDAP too -->
<!-- -->
<!-- LDAP is only relevant if it is the only protocol on the node -->
<!-- 0. no dataexchange configure - the default -->
<!-- Active template: every enroll, receive, download and upload state
list below is empty, so no object states are named for data exchange.
The template list in this file describes this choice as sensible only
for an all-in-one box and recommends it for testing only; a node that is
CA only, RA only and so on would use one of the numbered templates that
follow in commented-out form. -->
<option>
<name>enroll_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_crl_states</name>
<value></value>
</option>
<option>
<name>enroll_crr_states</name>
<value></value>
</option>
<option>
<name>enroll_csr_states</name>
<value></value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value></value>
</option>
<option>
<name>receive_csr_states</name>
<value></value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>download_certificate_states</name>
<value></value>
</option>
<option>
<name>download_crl_states</name>
<value></value>
</option>
<option>
<name>download_crr_states</name>
<value></value>
</option>
<option>
<name>download_csr_states</name>
<value></value>
</option>
<option>
<name>download_mail_states</name>
<value></value>
</option>
<option>
<name>upload_crr_states</name>
<value></value>
</option>
<option>
<name>upload_csr_states</name>
<value></value>
</option>
<!-- 1. the node acts as CA only -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crr_states</name>
<value>ARCHIVED DELETED APPROVED</value>
</option>
<option>
<name>enroll_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>enroll_mail_states</name>
<value>CRINS DEFAULT</value>
</option>
<option>
<name>receive_crr_states</name>
<value>APPROVED</value>
</option>
<option>
<name>receive_csr_states</name>
<value>APPROVED</value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>download_certificate_states</name>
<value></value>
</option>
<option>
<name>download_crl_states</name>
<value></value>
</option>
<option>
<name>download_crr_states</name>
<value></value>
</option>
<option>
<name>download_csr_states</name>
<value></value>
</option>
<option>
<name>download_mail_states</name>
<value></value>
</option>
<option>
<name>upload_crr_states</name>
<value></value>
</option>
<option>
<name>upload_csr_states</name>
<value></value>
</option>
-->
<!-- 2. the node acts as RA only -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crr_states</name>
<value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value>
</option>
<option>
<name>enroll_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value>PENDING NEW</value>
</option>
<option>
<name>receive_csr_states</name>
<value>PENDING RENEW NEW</value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crr_states</name>
<value>ARCHIVED DELETED APPROVED</value>
</option>
<option>
<name>download_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>download_mail_states</name>
<value>CRINS DEFAULT</value>
</option>
<option>
<name>upload_crr_states</name>
<value>APPROVED</value>
</option>
<option>
<name>upload_csr_states</name>
<value>APPROVED</value>
</option>
-->
<!-- 3. the node acts as public/scep only -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_crl_states</name>
<value></value>
</option>
<option>
<name>enroll_crr_states</name>
<value></value>
</option>
<option>
<name>enroll_csr_states</name>
<value></value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value></value>
</option>
<option>
<name>receive_csr_states</name>
<value></value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crr_states</name>
<value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value>
</option>
<option>
<name>download_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>download_mail_states</name>
<value>CRINS DEFAULT</value>
</option>
<option>
<name>upload_crr_states</name>
<value>NEW</value>
</option>
<option>
<name>upload_csr_states</name>
<value>RENEW NEW</value>
</option>
-->
<!-- 4. the node acts as LDAP only -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_crl_states</name>
<value></value>
</option>
<option>
<name>enroll_crr_states</name>
<value></value>
</option>
<option>
<name>enroll_csr_states</name>
<value></value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value></value>
</option>
<option>
<name>receive_csr_states</name>
<value></value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crr_states</name>
<value>ARCHIVED DELETED APPROVED SIGNED PENDING RENEW NEW</value>
</option>
<option>
<name>download_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>download_mail_states</name>
<value></value>
</option>
<option>
<name>upload_crr_states</name>
<value></value>
</option>
<option>
<name>upload_csr_states</name>
<value></value>
</option>
-->
<!-- 5. the node acts as public/scep and RA -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_certificate_states</name>
<value></value>
</option>
<option>
<name>enroll_crl_states</name>
<value></value>
</option>
<option>
<name>enroll_crr_states</name>
<value></value>
</option>
<option>
<name>enroll_csr_states</name>
<value></value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value></value>
</option>
<option>
<name>receive_csr_states</name>
<value></value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>download_crr_states</name>
<value>ARCHIVED DELETED APPROVED</value>
</option>
<option>
<name>download_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>download_mail_states</name>
<value>CRINS DEFAULT</value>
</option>
<option>
<name>upload_crr_states</name>
<value>APPROVED</value>
</option>
<option>
<name>upload_csr_states</name>
<value>APPROVED</value>
</option>
-->
<!-- 6. the node acts as RA and CA -->
<!--
<option>
<name>enroll_ca_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_certificate_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crl_states</name>
<value>VALID</value>
</option>
<option>
<name>enroll_crr_states</name>
<value>ARCHIVED DELETED APPROVED SIGNED PENDING NEW</value>
</option>
<option>
<name>enroll_csr_states</name>
<value>ARCHIVED DELETED</value>
</option>
<option>
<name>enroll_mail_states</name>
<value></value>
</option>
<option>
<name>receive_crr_states</name>
<value>PENDING NEW</value>
</option>
<option>
<name>receive_csr_states</name>
<value>PENDING RENEW NEW</value>
</option>
<option>
<name>download_ca_certificate_states</name>
<value></value>
</option>
<option>
<name>download_certificate_states</name>
<value></value>
</option>
<option>
<name>download_crl_states</name>
<value></value>
</option>
<option>
<name>download_crr_states</name>
<value></value>
</option>
<option>
<name>download_csr_states</name>
<value></value>
</option>
<option>
<name>download_mail_states</name>
<value></value>
</option>
<option>
<name>upload_crr_states</name>
<value></value>
</option>
<option>
<name>upload_csr_states</name>
<value></value>
</option>
-->
</software_config>
</openca>
