Hi Nathan,
On Thu, Feb 07, 2008 at 09:20:53AM -0600, Nathan Yehle wrote:
> Thanks Alex and Sergei!
You're welcome ...
> I had originaly avoided this release as it seems the version of openssl-devel
> that comes standard with Redhat EL5 doesn't work with this build. (missing
> ec.h)
Hmmm, which version is that?
> After installing the new version of OpenXPKI it still didn't work but I have
> included a patch which seems to solve the problem with issuing certificates.
> what follows are my notes on installing, and at the end is the patch. I hope
> this helps some people, and perhapse you guys in finishing that documentation
> :) One thing I noticed is you seem to have missed Apache::Request and
> Config::Std in your perl module dependancy checks.
Thanks. These two are a bit tough - I believe you don't need
Apache::Request if you run a CGI version (not that I would recommend
that, though), so technically it is optional ...
As for Config::Std - this is needed by the deployment tools, which do
not have their own Makefile.PL ...
As for the patch ...
> change ENGINE to OPENXPKI in
> /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/OpenXPKI/Crypto/Backend/OpenSSL/Command/issue_cert.pm
> - if ( (uc($self->{TOKEN_TYPE}) ne 'CA') or ($key_store ne 'ENGINE'))
> + if ( (uc($self->{TOKEN_TYPE}) ne 'CA') or ($key_store ne 'OPENXPKI'))
> {
> if (not -e $self->{KEYFILE})
... I still believe that if the keystore is not 'ENGINE' (in which case
the key resides in hardware, so no keyfile is needed), OpenXPKI should
check for the existence of the key file.
> trying again will give permission denied on cakey.pem's location, since it
> was created as root, change the permissions to actualy make the key usable by
> openxpki:
> chown -R openxpki:openxpki /usr/etc/openxpki
Did you try to change the permission without the patch? I believe that
should already have solved your problem (-e fails if the path to the
file is not accessible).
> Then signing CSRs worked! All together a fascinating project,
Thanks, nice to hear that you like it ...
Best regards,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer
[EMAIL PROTECTED] | working @ urn:oid:1.3.6.1.4.1.11417
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
