Re: [Openca-Users] CRL with sha1

2006-02-26 Thread Chris Covell
I have done this... from memory you have to edit an OpenCA script rather than set it in a config file. I shall have a look on Monday. Chris... Nuno Dias wrote: Hi all, I'm trying to generate a CRL with the Signature Algorithm using sha1 instead of md5. How can i do that ? in openssl.cnf

Re: [Openca-Users] stderr.log

2005-09-26 Thread Chris Covell
Martin, Cheers for the quick reply, I change the level of items reported to stderr.log have a look at etc/log.xml, most certainly you have got debug set to 1 (there are two entries where you can set this value, I don't currently know which controls which setting, so you will have to try

Re: [Openca-Users] CA backup on another machine

2005-08-31 Thread Chris Covell
Hello there, can you do some tests please ? Using OpenSSL can you dump the CA private key using the CA password ? If you can't, then this is some sort of problem with the key pem file (are you sure that it is the same as the original, i.e. is a binary copy, I am thinking of cr/lf type

[Openca-Users] stderr.log

2005-08-31 Thread Chris Covell
Hello there, I have a question about the stderr.log under /usr/local/OpenCA/openca/va/log. OpenCA 0.9.2.2 OpenSSL 0.9.7 Mysql database I am seeing _LOTS_ of messages in this file, most of which are not errors (whole certificates output during the issuing batch process etc), what

Re: [Openca-Users] cleanup var/tmp

2005-07-18 Thread Chris Covell
Guys, The cleanup function should do that...at least I supposed it to do so :) And yes, you can safely delete them (except the four...) I think there is one more file in the tmp directory you must not clean (if you are using an hsm) and that is ca_hsm_lock. Is it a good idea to put these

Re: [Openca-Users] OT: Apache/mod_ssl reloading of crl

2005-06-02 Thread Chris Covell
Oliver, A Cert and CRL are links to the OpenCA directory, so I don't have to care about crl updates. I found out that I have to send a SIGHUP to apache to reread the new crl file... Anyone knows a solution to reread the crl without doing so (I don't have the appropriate rights on the machine

Re: [Openca-Users] Dataexchange/import-export don't work - no Certs in CA after import, nothing exported?

2005-05-26 Thread Chris Covell
Benjamin, Do you know something about this following other errors? 1) If I try to send email to users I get Error 6296060 General Error Permission denied. Not sure, but sounds like a file that the httpd server user can not access. 2) RA-Information-CRLs-all Error 700 General Error The

Re: [Openca-Users] Batch process

2005-05-26 Thread Chris Covell
Pierre, 1. Batch process works fine for me but there is just one thing that is not very handy: When I use the command 'List Users' in the Batch System/Workflow Management menu, then I don't have directly the list of the users but instead I have got a list of the first letters for each

Re: [Openca-Users] Smart card XP

2005-05-25 Thread Chris Covell
Alfonso, Alfonso Sparano wrote: Hello, some one use a smart-card to generate private key with XP? Yes, I have used many different smart cards and usb tokens to generate private keys in XP using OpenCA backend. What type can I buy? Is it good to use by pgina for logon ? And in an Active

[Openca-Users] Re: OpenCA API

2005-05-23 Thread Chris Covell
Hello there, Thanks for your help from forum. May be I explained badly. What I want is replaced RA in OpenCA with my application. I'd like to send from my application to OpenCA requests. The application would send certificate information to CA to issue the certificate.

Re: [Openca-Users] automatic update of crls

2005-05-23 Thread Chris Covell
Latifa, I have done this, and when I tried to access a local https site using IE, new crl is not added to the temporary internet files folder even after expiry of crl, IE just show a message to indicate that informations about certificate revocation related to site are not available. Hmm,

Re: [Openca-Users] Same CN/DN for 2 different certificates ?!

2005-05-19 Thread Chris Covell
Pierre, So, I would like to know if it is normal behaviour for a CA to be able to deliver two certificates with the same information in the DNs even if the serial numbers are different. yes this is normal as the serial number is in the certificate. I think you can modify OpenCA via configuration

Re: [Openca-Users] Same CN/DN for 2 different certificates ?!

2005-05-19 Thread Chris Covell
Pierre, Then I need another explanation concerning Serial numbers and DNs. I notice that when I renew a request, the new request and certificate will have a new serial number and therefore a new DN. So my newbie question not only concerns OpenCA: Is it possible to renew a certificate without

Re: [Openca-Users] Problems with CRL Menu

2005-05-10 Thread Chris Covell
Guys, If use the information menu on the ra or ca interface and click on "all" I get the following message: "Allgemeiner Fehler 700: The compilation of the command cmdCrlList failed. Can't use an undefined value as an ARRAY reference at (eval 115) line 75." I have patched the file crlList and

Re: [Openca-Users] CONNECT_FAILED

2005-03-04 Thread Chris Covell
I use: use mysql; grant all on openca.* to [EMAIL PROTECTED]; update user set password=password('password-text') where user='openca'; flush privileges; create database openca; Chris... Andréa Cavallari wrote: Please, can anyone help with mysql? When I tried to initialize Database from CA

Re: [Openca-Users] 0.9.1-7 and LDAP

2005-02-18 Thread Chris Covell
The problem is that the version of OpenLDAP is too strict for the version of OpenCA. I am trying to find a version of OpenLDAP now that is less strict, but still compiles on the later system I have. Chris... [EMAIL PROTECTED] wrote: Guys, I know that 0.9.1.7 is old, but my production

Re: [Openca-Users] Re: [Openca-Users]

2005-02-08 Thread Chris Covell
Hello there, I have openca server on: openca_rc start. But when I use Mozilla with http://localhost/ca; appears a page with Enter CA and then it does the request http://localhost/cgi-bin/ca?GetPageStatic.;. But Mozilla say me: OpenCA Error: Server is not online or does not

Re: [Openca-Users] Openca configuration is for just one organization??

2005-02-08 Thread Chris Covell
Johnny, I do this by setting what values are required in a CSR (pkcs#10) in the pub.conf. You can say that the CSR does not need an o or c field. Chris... Johnny Gonzalez wrote: Hello Everybody, I was thinking in a characteristic that OpenCA has, When I make the configuration in the config.xml I

Re: [Openca-Users] DB or DBI

2005-02-02 Thread Chris Covell
Eric, What are the differences between DB and DBI settings in config.xml ? DBI makes OpenCA use an external database like MySQL (preferred) DB make OpenCA use the DB Files file based database (This option is depreciated in the latest development release of OpenCA). Chris...

Re: [Openca-Users] Bug in OpenCA?? I'm sending 10.000 requests (VERY IMPORTANT)

2005-01-25 Thread Chris Covell
Johnny, Johnny Gonzalez wrote: Hello Everybody, I'm sending 10.000 requests to OpenCA using a Java app I wrote, to register the requests in OpenCA, I'm calling the script /var/www/cgi-bin/pub/pki giving it the required parameters for it to work. Error addMessage failed for log slot xml (6512078).

Re: [Openca-Users] Certificate issuing problem

2005-01-17 Thread Chris Covell
Oliver, wild guess - does the expiration date of the certificate exceed the CA lifetime ? No, I checked this, the CA cert does not expire until 2012. Also, OpenCA picks up on this type of problem and gives a proper error message. Chris...

Re: [Openca-Users] Certificate issuing problem

2005-01-17 Thread Chris Covell
the problem. Chris... Chris Covell wrote: Oliver, wild guess - does the expiration date of the certificate exceed the CA lifetime ? No, I checked this, the CA cert does not expire until 2012. Also, OpenCA picks up on this type of problem and gives a proper error message. Chris

Re: [Openca-Users] RA: Signing requests does only work with MS IE!?

2005-01-11 Thread Chris Covell
In my experience FireFox signing works out of the box. Chris... Oliver Welter wrote: Hi Jochen, I tried several Browsers as RA-Operator in order to sign cert requests. But it only worked with MS IE on windows xp. For my project i would like to use konqueror (on rh9) but the sign request-Button on

[Openca-Users] OpenCA and LunaSA

2004-12-23 Thread Chris Covell
Hello there... Common Informations OpenCA Version : 0.9.2-1 Perl Version: 5.8.3 OpenSSL Version : 0.9.7.d Operating System: Linux Red Hat Enterprise version 2.1 Problem Description: Right, I am

Re: R: [Openca-Users] Problem starting OpenCA with mysql

2004-12-06 Thread Chris Covell
fighting a losing battle here because of the Perl version I am using ? Or is this an error people have seen before ? Chris... Chris Covell wrote: OK, so I have pinned it down a bit. When you use a DBI the function initDBI is called, this in turn calls OpenCA/DBI.pm which has the line: use POSIX qw

[Openca-Users] Problem starting OpenCA with mysql

2004-12-03 Thread Chris Covell
Guys, I have a strange problem. I have configured a new openCA PKI (version 0.9.2.1) on a RedHat Enterprises V2.1 box (with perl 5.6.1). If I use DB Files then the openca_start script works fine, but if I use DBI with MySQL then the openca_start script seems to work (i.e. it does not report an

Re: R: [Openca-Users] Problem starting OpenCA with mysql

2004-12-03 Thread Chris Covell
Alfonso, Alfonso Sparano wrote: Do you have installed DBD::mysql perl module? Try: perl -MCPAN -e'install DBD::mysql' yes, I am in a Red hat environment so I installed the module via rpm. # rpm -q perl-DBD-MySQL # perl-DBD-MySQL-1.2216-4 I also have the perl-DBI module installed. It is strange, as

[Openca-Users] 092 with opensc drivers

2004-11-21 Thread Chris Covell
Guys, has anyone used the open smart card drivers (and openct) with openca 092 ? I thought I would look into it (as a simple way of putting the CA Key in hardware for a test PKI), but have hit a number of problems. I suspect this is the way I am implementing, but going through the CA

[Openca-Users] 092 and opensc

2004-11-18 Thread Chris Covell
Guys, has anyone used the open smart card drivers (and openct) with openca 092 ? I thought I would look into it (as a simple way of putting the CA Key in hardware for a test PKI), but have hit a number of problems. I suspect this is the way I am implementing, but going through the CA

Re: [Openca-Users] How to configure batch system

2004-09-07 Thread Chris Covell
Cesar, Cesar Espinla wrote: I need help to configure the batch processor system. Is there any guideline or sample configuration files. what version of OpenCA are you using ? The batch processors changed after 0.9.1. Chris...

Re: [Openca-Users] How to configure batch system

2004-09-07 Thread Chris Covell
Cesar, Cesar Espinla wrote: I'm currently working with the CVS version of OpenCA configured with two nodes CA and RA-PUB. I have read the OpenCA Guide for Versions 0.9.2+ (chapter 16) but I don't find a way make it work. OK, from the example in Chapter 16, make a file called

Re: [Openca-Users] Can't import CA cert

2004-09-02 Thread Chris Covell
Michael, I already helped this guy, he was naming the tar file cacert.tar and not writing it to the exchange device. Chris... Michael Bell wrote: Hafeda Remch wrote: Hi all, I'm using openca.0.9.1.8. I have a root CA configured using openssl, and a sub CA running openca. I have followed all the

Re: [Openca-Users] Can't import CA cert

2004-08-24 Thread Chris Covell
Hafeda On Tuesday 24 August 2004 09:16, Hafeda Remch wrote: I'm using openca.0.9.1.8. I have a root CA configured using openssl, and a sub CA running openca. I have followed all the steps to get the sub Ca certificate signed by my root CA : 3)Make manually a new tar : cacert.tar You need

Re: [Openca-Users] Help with RA certificate

2004-07-13 Thread Chris Covell
Damon, On Tuesday 13 July 2004 08:19, Damon Smith wrote: Am I supposed to generate a certificate on the CA, and use dataexchange to transfer it to the RA, then do something on the RA to make it the RA's certificate? I have just read your original and my first reply ! Have you been through the

Re: [Openca-Users] Web Server - Common Name

2004-07-07 Thread Chris Covell
Numo, On Wednesday 07 July 2004 13:44, Nuno Dias wrote: In openca-0.9.2-RC4 i have successful issue certificates of form service/host in Common Name, can i change the openca-0.9.2-RC5 operation to work like openca-0.9.2-RC4 ? For my case is important to issue certificates that have

Re: [Openca-Users] Single database for CA and RA (Automatic issuance)

2004-07-05 Thread Chris Covell
Oliver, On Friday 02 July 2004 19:47, Oliver Welter wrote: Michael wrote some excellent scripts that call the basic functions without the HTML stuff - the scripts are in openca/bin/ directory. I don't know if there is any documentation in the guide and I have only uses some of the scripts yet

Re: [Openca-Users] Single database for CA and RA (Automatic issuance)

2004-07-02 Thread Chris Covell
Hello Guys, On Wednesday 30 June 2004 18:18, Martin Bartosch wrote: Chris Covell mentioned he has written some Perl wrapper to do this automatic issuance (using the Batch processor). It would be cool if this could get published. -- Chris...? please find attached a tar.gz file containing

Re: [Openca-Users] RBAC error with 0.9.2RC5+

2004-06-30 Thread Chris Covell
Dalini, On Tuesday 29 June 2004 17:48, dalini wrote: Any ideas ? yes, but no good news... i just try to trace down this problem this is related to all browserbased signing at the moment is broken somehow... thanks for this ! I shall have a look too, (but don't hold your breath !!!).

[Openca-Users] RBAC error with 0.9.2RC5+

2004-06-29 Thread Chris Covell
Guys, I am testing the x509 ACL functions in 0.9.2 (latest CVS). I have set the Apache access control on ssl.conf (I am running Apache 2.0.*), and set the ca.xml access control file to require x509. I have left the acl values as .* for the moment. When I log onto the CA (using IEv6) I get the

Re: [Openca-Users] Which RFC defines X.509v3 certficates??

2004-06-29 Thread Chris Covell
Johnny, On Tuesday 29 June 2004 14:19, Johnny Gonzalez wrote: Can anyone tell me which RFC defines X.509v3 certificates? And if OpenCA fits to that standard? as far as I am aware the certificates produced by OpenSSL (i.e. OpenCA) are x509v3 compliant. The standard is rfc 2459 I think.

Re: [Openca-Users] discreet OpenCA modules tarballs

2004-06-28 Thread Chris Covell
Nuno, On Saturday 26 June 2004 01:14, Nuno Ricardo Gomes Antunes wrote: are the openca modules available for download separatly from the main openca distfile (and from each other btw)? I would prefer to use CPAN but unfortunatly those are too old.. have you looked at the OpenCA CVS located at

[Openca-Users] Multiple instances of OpenCA

2004-06-28 Thread Chris Covell
Guys, I have finally got round to installing OpenCA 0.9.2 on my test machine. I shall be running a set of volume tests, but in the mean time I have a question... 0.9.2 uses a server process to manage connections, what defines that name of the server process that the scripts connect to ? What

Re: [Openca-Users] Multiple instances of OpenCA

2004-06-28 Thread Chris Covell
Many thanks for this... On Monday 28 June 2004 15:31, Ives Steglich wrote: 0.9.2 uses a server process to manage connections, what defines that name of the server process that the scripts connect to ? What I am getting at here is can I run more than one instance of OpenCA on a single

Re: [Openca-Users] Batch Processor for automatic certificate issuance on CA?

2004-06-28 Thread Chris Covell
Martin, On Monday 28 June 2004 16:23, Martin Bartosch wrote: Now I want the CA to *automatically* issue the imported CSRs: - iterate through all incoming CSRs - issue all certificates automatically - export the new certificates down to the RA You can't do this automagically with the batch

Re: [Openca-Users] OpenCA limits

2004-06-08 Thread Chris Covell
Hello there, On Monday 07 June 2004 10:04, Schlueter, Michael wrote: Hi, we're looking for a PKI solution which can handle a large number of certificates (several ten thousands and even more). Does anyone has any experience with the scalability of the current OpenCa implementation? What is

Re: [Openca-Users] RC4: batch processors and pkcs12

2004-06-01 Thread Chris Covell
Michael, On Tuesday 01 June 2004 11:06, Dominique Lohez wrote: Michael Konietzka wrote: Using OpenCA 0.9.1.x, and apache 2.0 When, one tries to issue more than 6 certificates one gets messages corresponding to the first six certificates. Do you observe a similar behaviour. Yes, I get the

Re: [Openca-Users] Sub-CA

2004-05-28 Thread Chris Covell
Hello Oliver, On Friday 28 May 2004 08:43, Oliver Adolph wrote: I have a simple problem. I have a root CA running OpenCA 0.9.1.8 and i want a sub CA below this CA. But how do I sign the certreq from this sub CA on my root CA ? Is there a mechanism to import a certreq from another system ? 1.

Re: [Openca-Users] Silence...

2004-05-24 Thread Chris Covell
Michael, On Mon, 2004-05-24 at 09:35, Michael Portz wrote: It is so silent on the list...are all problems solved? Or was it just the vacations? Or are there technical problems (iff you read this message timely there are obviously not :) You must have finished OpenCA now !!! It is so perfect,

Re: [Openca-Users] dual-key usage with OpenCA

2004-05-24 Thread Chris Covell
On Monday 24 May 2004 14:47, Michael Konietzka wrote: OK, done it this way using two different roles and it worked. But I am using for both certificates the client-side generation. Michael Bell said, for key recovery of the decryption certs i should use the batch processor. So i will check

[Openca-Users] Re: Questions about OpenCA and Berkeley DB

2004-05-20 Thread Chris Covell
Marty, On Wed, 2004-05-19 at 17:38, Marty Mathieu wrote: Hello, I'm trying to install OpenCA with Berkeley DB (because I have already installed it for Openldap) and I have seen in the OpenCA Guides that you suggest to contact you if we want to use a different base than MySQL, PostGresSQL,

Re: [Openca-Users] 0.9.1-7 batch processors (again !)

2004-05-19 Thread Chris Covell
Dominique, On Mon, 2004-05-17 at 16:15, Dominique Lohez wrote: 4) Once the process is blocked. walking through the Valid Certificates list using the previous( ) or () next arrows ( but not | or | ) causes the process to become unblocked ) . And the It never becomes

Re: [Openca-Users] dual-key usage with OpenCA

2004-05-19 Thread Chris Covell
Hello there, On Mon, 2004-05-17 at 15:28, Michael Konietzka wrote: The user should do enter his data once and he gets a x509-cert for his signing cert and a pkcs12 for his decrypting cert. OpenCA does support this, but you will need to generate each key pair separately. 1. If you use the

Re: [Openca-Users] dual-key usage with OpenCA

2004-05-19 Thread Chris Covell
Michael, On Wed, 2004-05-19 at 11:32, Michael Konietzka wrote: Ok, but how should I handle the different keyUsage in certification process? The OpenCA way of doing this is to have a different Role for each certificate type. So I would have a Sign role where the key usage is set to: keyUsage

Re: [Openca-Users] dual-key usage with OpenCA

2004-05-19 Thread Chris Covell
Michael, On Wed, 2004-05-19 at 13:59, Michael Konietzka wrote: Now I found some messages about dual-key support and exporting the encryption certificates to the LDAP. I have written a little mod (for my own use) to only export certain roles to the directory, it is bit of an inelegant hack,

Re: [Openca-Users] dual-key usage with OpenCA

2004-05-19 Thread Chris Covell
Michael, On Wed, 2004-05-19 at 15:08, Michael Bell wrote: Chris, there is an option in OpenCA which can be used to exclude roles from export. So this extra module is only necessary for 0.9.1. 0.9.2 has this feature already included. Perhaps you can compare the code in LDAP.pm with your own

Re: [Openca-Users] handling certificate problem

2004-05-17 Thread Chris Covell
Laurent, On Sun, 2004-05-16 at 15:46, Laurent Mesuré wrote: But just one thing, if i redo with two database, i can't stay on the same computer for all isn't it? because there is only ONE DBI.conf file. So i the db_name is opencaca for CA and opencara for RA, how can i differentiate both

Re: [Openca-Users] export (from RA to a higher level of hierarchy) problem...

2004-05-14 Thread Chris Covell
Valeria On Fri, 2004-05-14 at 11:42, open_group wrote: I think I've got the correct values in the config files (ca_node.conf, ra.node.conf, etc.)... I've chosen to write all data into .tar file instead of fd0, so I've changed the config files according to the appropriate parameters.

Re: [Openca-Users] export (from RA to a higher level of hierarchy) problem...

2004-05-14 Thread Chris Covell
Johnny, On Fri, 2004-05-14 at 17:21, Johnny Gonzalez wrote: Are you installing CA and RA in the same machine?? If that's true, when you select to use a tar file instead of /dev/fd0, you DON'T HAVE TO export any request or certificates, It's done automatically, at least that's the way it

Re: [Openca-Users] handling certificate problem

2004-05-13 Thread Chris Covell
Laurent, On Thu, 2004-05-13 at 15:44, Laurent Mesuré wrote: Have you used two separate databases ? no database was the same i redo with two different databases Yes, good plan. This is how I have my test environments, on the same computer but using different databases. What version

Re: [Openca-Users] 0.9.1-7 batch processors (again !)

2004-05-10 Thread Chris Covell
I have just done a couple of new tests: On Thu, 2004-05-06 at 15:03, Chris Covell wrote: Dominique/Michael, OpenCA 0.9.1-8 with Apache 1.3 BP work fine OpenCA 0.9.1-8 with Apache 2.0 BP can't issue certificates. Can you think of a way of describing this to the Apache guys so that I can put

Re: [Openca-Users] generating a CRL in a console?

2004-05-07 Thread Chris Covell
Hello there, On Thu, 2004-05-06 at 17:30, Sebastian Rieger wrote: Hi List! just to ask before I go through /openca/cmds and other perl stuff... Is there any easy way to generate a fresh CRL from a shell? seems as if openca-sign etc. won't do that. Thanks in advance for any hints! We have

Re: [Openca-Users] 0.9.1-7 batch processors (again !)

2004-04-28 Thread Chris Covell
Michael, thanks for getting back to me on this issue On Wed, 2004-04-28 at 08:38, Michael Bell wrote: do you know the last working release? I only test 0.9.2 batch system in the last weeks because we (my university) decided to fully migrate to the new system (better performance and better

Re: [Openca-Users] 0.9.1-7 batch processors (again !)

2004-04-27 Thread Chris Covell
Dominique, I get the same with a limit of six I am glad there is someone else with this problem ! If I do a BP of less that 5 certs at a time, then the process works perfectly. Using the 0.9..1-8 version I have tried to get 20 certificates The Bp works correctly and display the correct

Re: [Openca-Users] error with export config from ca to ra

2004-04-27 Thread Chris Covell
Leon, On Tue, 2004-04-27 at 08:50, lin leon wrote: hi everybody: I've done to the step : Export Configuration from CA Put in a freshly formatted floppy, make sure that wwwrun has access to /dev/fd0 (chown wwwrun /dev/fd0). Open within the browser

[Openca-Users] 0.9.1-7 batch processors (again !)

2004-04-26 Thread Chris Covell
Hello guys, we have a project where I need to issue _lots_ of certificates, so I am testing things out with the Batch Processors. Since I tested last time (10,000 certs created using batch processors) I have moved up to OpenCA 0.9.1-7 and now run the system on Apache 2.0.48 and openssl 0.9.7a (as

Re: [Openca-Users] openca certificate error

2004-04-16 Thread Chris Covell
Leon, On Thu, 2004-04-15 at 08:04, lin leon wrote: hi I'd set the openca well. and everything looks good. but when I do the step import certificate, it cannot write to the floppy (I think). it shows everything is ok, but the floppy couldn't use then. it shows an io error. and find nothing in the

[Openca-Users] Re: Question: How to configure the HSM support of OpenCA for Gemplus security hardware?

2004-04-13 Thread Chris Covell
The best thing for you to do is to join the OpenCA Users mailing list and direct your question there. But for now... I think you are looking at the wrong section, HSM is for generating and storing the PKI CA private key, if you just want to implement client certificates. I am sure that you can

[Openca-Users] Batch Processors in 0.9.1 series

2004-04-07 Thread Chris Covell
Guys, I have noticed a problem with the 0.9.1-[7,8] Batch processors. We fixed a problem recently in bpIssueCertificate, but the problem still exists in bpRevokeCertificate. The verification of the signers role fails and you can not batch revoke the certs. To fix the problem just replace...

Re: Fwd: Re: [Openca-Users] OpenCA and Apache 2.0

2004-03-27 Thread Chris Covell
Michael, On Friday 26 March 2004 15:43, Michael Bell wrote: Chris Covell wrote: OK Michael, I have added a short section to the faq.txt file on CVS. If you are happy with this then give me a shout and I can modify the other versions of the FAQ. Which file? I cannot find faq.txt

Fwd: Re: [Openca-Users] OpenCA and Apache 2.0

2004-03-26 Thread Chris Covell
-- Subject: Re: [Openca-Users] OpenCA and Apache 2.0 Date: Fri, 26 Mar 2004 15:46:38 +0530 From: venkatesh [EMAIL PROTECTED] To: [EMAIL PROTECTED], Chris Covell [EMAIL PROTECTED] Chris, looks like this functionality is not forward ported to Apache 2.0.48. see this http://nagoya.apache.org/bugzilla

Re: Fwd: Re: [Openca-Users] OpenCA and Apache 2.0

2004-03-26 Thread Chris Covell
Venki On Friday 26 March 2004 13:07, venkatesh wrote: Do you have patch for that. What version of Apache you are using? As I learned from that issue entry, there is no working patch available yet. Infact I can grep for the same error output, in mod_ssl sources of Apache 2.0.48. If you have

Re: Fwd: Re: [Openca-Users] OpenCA and Apache 2.0

2004-03-26 Thread Chris Covell
Michael, On Friday 26 March 2004 14:14, Michael Bell wrote: SSLOptions +OptRenegotiation Chris, please add this to one of the FAQ files. This is really important for 0.9.2 too. OK Michael, I have added a short section to the faq.txt file on CVS. If you are happy with this then give me a

[Openca-Users] OpenCA and Apache 2.0

2004-03-25 Thread Chris Covell
Hello Guys, just wondering if anyone out there is using OpenCA with Apache 2.0. I am looking at Apache 2 on my test system and have problem with SSL client authenticated sessions and POSTing data from forms (e.g. when revoking a certificate). I get the message on the screen The requested

Re: [Openca-Users] OpenCA in Production

2004-03-25 Thread Chris Covell
Hello there I am actually planning to use OpenCA in a production environment for a closed community of 500 users. The certificates will be mainly used to encrypt emails and to authenticate the end users (client-side Web authentication and EAP-TLS). Can anyone help me to find a answer to

[Openca-Users] OpenCA Common Name characters - General information

2004-03-18 Thread Chris Covell
Guys, our OpenCA 0.9.1-7 deployment requires that external users request their own certificates so we have little control over the Common Name entered by the user. As part of our testing we have noted a number of problems caused by specific characters when included within the CN, see below.

Re: [Openca-Users] Openca Problem in Phase II

2004-03-08 Thread Chris Covell
Hello there, On Monday 08 March 2004 15:43, Diego I. Rosso wrote: Hi, I have a problem in Phase 2 of configuration Create the initial administrator When I want to create a CA Operator Request, I receive this failed output [Mon Mar 08 12:22:16 2004] [error] [client 192.168.1.10]

Re: [Openca-Users] Openca Problem in Phase II

2004-03-08 Thread Chris Covell
- From: Chris Covell To: [EMAIL PROTECTED] Sent: Monday, March 08, 2004 1:53 PM Subject: Re: [Openca-Users] Openca Problem in Phase II Hello there, On Monday 08 March 2004 15:43, Diego I. Rosso wrote: Hi, I have a problem in Phase 2 of configuration Create

Re: [Openca-Users] DNS in sujectAltName

2004-02-20 Thread Chris Covell
Hello there On Thursday 19 February 2004 19:25, [EMAIL PROTECTED] wrote: Hi, We have OpenCA 0.9.1-7. We are trying to generate VPN Free/Swan's certificates. This certificates need the DNS in the subjectAltName field. We create a new role and modify the openssl conf files and ext files for

[Openca-Users] Re: OpenCA on Redhat Enterprise 2.1

2004-02-19 Thread Chris Covell
Enrique, On Thursday 19 February 2004 12:08, Enrique Rennison wrote: I see that you have posted a message on the web about OpenCA on Redhat Enterprise 2.1. Can you please tell me if OpenCA works on Redhat Enterprise 2.1 linux? I do not know ! This project was put on hold, so I never got a

Re: [Openca-Users] 0.9.1-7 problems with LDAP

2004-02-17 Thread Chris Covell
Thanks for this Michael, Certificate 3 FAILED (error 65: LDAP-add failed: unrecognized objectClass 'pkiCA') pkiCA and pkiUser are standard classes. Please see OPENCASRC/contrib/openldap/*.schema. If they are not in your directory schema definitions then please add it to the OpenCA schema

[Openca-Users] 0.9.1-7 problems with LDAP

2004-02-16 Thread Chris Covell
Hello there ! I have just upgraded my test service from 0.9.1-1 to 0.9.1-7. All looked good until I was testing the LDAP. I now get an error when importing my certs: Certificate 3 FAILED (error 65: LDAP-add failed: unrecognized objectClass 'pkiCA') I have stopped the directory and completely

[Openca-Users] URGENT Revocation problem

2004-01-23 Thread Chris Covell
Guys, I have just experienced a Security Alert message from my live OpenCA 0.9.1-1 environment. As a bit of background this environment was upgraded from 0.9.0-2 to 0.9.1-1 a few months ago, all seems to be going well, until today when we went to revoke a certificate. Upon approving the

Re: [Openca-Users] URGENT Revocation problem

2004-01-23 Thread Chris Covell
On Friday 23 January 2004 15:37, Chris Covell wrote: Guys, I have just experienced a Security Alert message from my live OpenCA 0.9.1-1 environment. Upon approving the revocation request the screen reports a Error 690 Configuration Error. Error while storing the request. My Apache log

Re: [Openca-Users] some doubts

2003-12-13 Thread Chris Covell
Pat, On Thursday 11 December 2003 22:58, Patricia wrote: I'm almost there I generated the keys IN the token, than imported the certificate into the token (with IE) and it worked fine I I am glad you got it going ! installed Netscape 4.79 and now I can sign the requests with a Linux

Re: [Openca-Users] some doubts

2003-12-11 Thread Chris Covell
Pat, let us split up your questions !!! On Wednesday 10 December 2003 22:28, Patricia wrote: That is OK then. Can you confirm your errors, I thought you said that you could sign using IE but not verify. Yes, I can sign it when I use IE, but in Netscape not. When I click on Approve and Sing

Re: [Openca-Users] some doubts

2003-12-11 Thread Chris Covell
Pat, On Wednesday 10 December 2003 22:38, Patricia wrote: Again, I am not really sure what this function is for. I have used all sorts of tokens (GEP, Rainbow, Activcard etc) but I create the keys and CSR on the token using the RA public interface and it has always worked. I use Rainbow

Re: [Openca-Users] Sub-CA chain

2003-12-08 Thread Chris Covell
Pat, On Thursday 04 December 2003 22:38, Patricia wrote: Thanks a lot for your help I did what you said, but I got this error: Importing CA Certificate to dB ... Error 690 Configuration Error. Error (1)

Re: [Openca-Users] some doubts

2003-12-08 Thread Chris Covell
Pat, On Saturday 06 December 2003 21:31, Patricia wrote: 1 - How can I revoke a certificate if I have lost the revocation PIN? Use the RA interface. View certificates and then pick a certificate, there is an button to revoke the cert at the bottom of the page. 2 - How can I suspend a

Re: [Openca-Users] some doubts

2003-12-08 Thread Chris Covell
Pat, On Monday 08 December 2003 15:02, Patricia wrote: Thank you, Chris Everything OK about revoke and suspend Good. Now, about crypto-utils.lib. I read at OpenCA-developers that some problems were found and the version 0.9.1-4 has already the patches to correct them. I'm using

Re: [Openca-Users] Sub-CA chain

2003-12-04 Thread Chris Covell
David, On Thursday 04 December 2003 13:33, David W. Blaine wrote: Hi Mike, BTW, thanks for all your help in rebuilding my Root CA database. Now, I have a question about Sub-CA's. I issued a Sub-CA certificate from the Root CA and imported it into the Sub-CA's database ok. I am trying to

Re: [Openca-Users] Sub-CA chain

2003-12-04 Thread Chris Covell
Pat, On Thursday 04 December 2003 15:22, Patricia wrote: No objects are present I tried to import it to ra_node too and received the message: Importing pending REQUEST ... No objects are present How is the process to sign the sub-CA certificate? Thanks! This is a bit of a

Re: [Openca-Users] Troubles initializing CA

2003-12-03 Thread Chris Covell
Barbara On Wednesday 03 December 2003 14:34, Barbara Post wrote: I went to the page of CA initialization. Database initialization works. I clicked onto Generate new CA secret key, then entered des3 and 1024. The browser waits a moment, generating the key, then issues a pop-up which source is

Re: RE : [Openca-Users] Troubles initializing CA

2003-12-03 Thread Chris Covell
Barbara On Wednesday 03 December 2003 16:11, Barbara Post wrote: Nope, no error, just access messages. Last page served is http://192.168.1.5/initCA.html (the rest is generated by javascript). I guess I would also have to enable debug in OpenCA ? Each lib has its own debug level, search for

Re: [Openca-Users] HSM

2003-12-02 Thread Chris Covell
Patricia, On Tuesday 02 December 2003 15:28, Patricia wrote: Hello, Michael!!! I was away for some time, but now I am back again. We are testing the openca with our HSM and the things are going well. We have already generated the CA's key pair, request and auto signed certificate. Hey good

Re: [Openca-Users] Multiple eMail Addresses in one Cert

2003-11-26 Thread Chris Covell
Oliver, On Wednesday 26 November 2003 12:08, Oliver Welter wrote: anyone set up OpenCA with multiple eMail addresses for one cert ? I have a simple problem - all employees have 3 mail addresses (in fact aliases of course). Is it possible to setup a certificate that includes all of them ? Anyone

[Openca-Users] Signature Verification and Batch Processor

2003-11-26 Thread Chris Covell
Michael, while you have the signature verification code open I thought I would also bring this to your attention... The main use I make of signatures in OpenCA is to sign approvals so I can use the CA Batch Processor to process them. I have installed the patched crypto-utils.lib and PKCS7.pm

Re: [Openca-Users] Configuration error

2003-11-20 Thread Chris Covell
Gotzon, On Thursday 20 November 2003 10:05, Gotzon Astondoa wrote: I debug about it and I discover that the problem is in /var/www/ca/scripts/getPasswd.js where the htdocs_url_prefix is /ca and not /var/www/ca/apache/htdocs/ca/. If I put it manually it works fine. I know that I can

Re: [Openca-Users] Sub CA recap

2003-11-20 Thread Chris Covell
Gottfried, On Wednesday 19 November 2003 18:49, Gottfried Scheckenbach wrote: sorry, perhaps I gave you a wrong hint - but I don't know it better... I have also a strange problem eventually connected with chaining too: My sub-ca crl has the issuer of the root-ca - see my mails from 2003/11/17.

Re: [Openca-Users] Sub CA recap

2003-11-19 Thread Chris Covell
I am very frustrated now. On Monday 17 November 2003 18:00, Gottfried Scheckenbach wrote: 5. Import the CSR into the Root RA and get the Root CA to sign. Don't forget to change (on root-ra) the Role in CSR to Sub-CA! 7.5 Run make in the chain directory. 8. Rebuild the Sub CA chain.

[Openca-Users] Sub CA recap

2003-11-17 Thread Chris Covell
Guys, As you know I have been having problems with signing using certs generated by my sub CA. I am just about to rebuild the Sub CA to try and sort it out. Can I get any of you that have done this to confirm my stages please... 1. Start with a fully working root CA and RA. 2. Configure and
