Update of /cvsroot/openca/openca-0.9/docs/guide/html_chunked
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5296/openca-0.9/docs/guide/html_chunked
Modified Files:
Tag: openca_0_9_2
ape.html apes02.html apes03.html apes04.html apes05.html
apes06.html apes07.html apes08.html apf.html bi01.html
go01.html index.html
Log Message:
fixed bug #1031096 and added country code problems to FAQ
Author of changes: michaelbell
Index: ape.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/ape.html,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -C2 -d -r1.24 -r1.24.2.1
*** ape.html 7 Sep 2004 14:19:01 -0000 1.24
--- ape.html 27 Sep 2004 13:38:22 -0000 1.24.2.1
***************
*** 8,30 ****
environment is not setted</a></dt><dt>2.6. <a href="apes02.html#id2843312">What do the new features of 0.9.2 be?</a></dt><dt>2.7. <a href="apes02.html#id2843421">I try to approve and sign a request with Mozilla and it fails.</a></dt><dt>2.8. <a href="apes02.html#id2843472">I try to approve and sign a request with Konqueror (KDE) and it fails.</a></dt><dt>2.9. <a href="apes02.html#id2843489">How is the format of the disc to import the CA certificate
from the root CA?</a></dt><dt>2.10. <a href="apes02.html#id2843506">OpenSSL reports
! entry 1: invalid expiry date</a></dt><dt>2.11. <a href="apes02.html#id2843543">Outlook cannot encrypt mail with imported certificate</a></dt><dt>2.12. <a href="apes02.html#id2843565">My Outlook freezes after I received a signed email</a></dt><dt>2.13. <a href="apes02.html#id2843587">General Error 6751 during certificate issuing</a></dt><dt>2.14. <a href="apes02.html#id2843693">What does I have to do if I create a new release?</a></dt><dt>2.15. <a href="apes02.html#id2843872">How can I configure Mozilla for OCSP?</a></dt></dl></dd><dt>3. <a href="apes03.html">Installation Issues</a></dt><dd><dl><dt>3.1. <a href="apes03.html#id2843927">FreeBSD and OpenCA</a></dt><dt>3.2. <a href="apes03.html#id2844098">Solaris and OpenCA</a></dt><dt>3.3. <a href="apes03.html#id2844167">What is a hierarchy level?</a></dt><dt>3.4. <a href="apes03.html#id2844264">Undefined subroutine &main::xyz</a></dt><dt>3.5. <a href="apes03.html#id2844335">Symbolic link installaton failed</a></dt><dt>3.6. <a href="apes03.html#id2844380">After the installation all common parts are missing</a></dt><dt>3.7. <a href="apes03.html#faq_duplicate_module">Conflicting Modules</a></dt><dt>3.8. <a href="apes03.html#id2844489">The xml path to the access control is missing</a></dt><dt>3.9. <a href="apes03.html#unknown_login_type">Unknown Login Type</a></dt><dt>3.10. <a href="apes03.html#id2844593">Type Mismatch during request
! generation with Internet Explorer</a></dt><dt>3.11. <a href="apes03.html#faq_openca_start_failed">openca(_rc) start failed</a></dt><dt>3.12. <a href="apes03.html#id2844690">Missing modules</a></dt></dl></dd><dt>4. <a href="apes04.html">Configuration Issues</a></dt><dd><dl><dt>4.1. <a href="apes04.html#id2844854">How can I configure my httpd.conf for virtual hosts?</a></dt><dt>4.2. <a href="apes04.html#id2844912">How can I configure virtual hosts with ./configure?</a></dt><dt>4.3. <a href="apes04.html#id2844955">I have some users which should not be published in LDAP.
! Does it be possible with OpenCA?</a></dt><dt>4.4. <a href="apes04.html#id2844979">Does it be possible to authenticate users by their
certificates at the apache before they will be authenticated by
! OpenCA itself?</a></dt><dt>4.5. <a href="apes04.html#id2845053">I want to update my 0.9.2 installation.
! Is this dangerous?</a></dt><dt>4.6. <a href="apes04.html#id2845094">I want update to 0.9.2. How can I update my sql database?</a></dt><dt>4.7. <a href="apes04.html#id2845335">If I run openca-ocspd then I obtain a segmentation fault.</a></dt><dt>4.8. <a href="apes04.html#id2845384">I installed a second public interface, run configure_etc.sh and
! now are all the paths in the other public interface wrong.</a></dt><dt>4.9. <a href="apes04.html#id2845429">I issue a certificate for a mailserver but sendmail doesn't work
and reports an errormessage which includes
reason=unsupported certificate purpose
! </a></dt><dt>4.10. <a href="apes04.html#id2845456">My (Microsoft) client hangs
! after it tries to start a secured connection</a></dt><dt>4.11. <a href="apes04.html#id2845527">Outlook freezes when receiving a signed Mail but worked
! already fine for some days</a></dt><dt>4.12. <a href="apes04.html#id2845551">During the request generation OpenCA fails and reports a too
! short textfield</a></dt><dt>4.13. <a href="apes04.html#id2845586">Can I place my organization's logo on the web interface?</a></dt><dt>4.14. <a href="apes04.html#id2845617">Cannot create new OpenCA tokenobject</a></dt><dt>4.15. <a href="apes04.html#id2845676">How can I use a Luna token with OpenCA 0.9.1</a></dt><dt>4.16. <a href="apes04.html#id2845750">How can I include a complete certificate chain into a PKCS#12 file?</a></dt><dt>4.17. <a href="apes04.html#id2845862">Unknown login type</a></dt><dt>4.18. <a href="apes04.html#id2845883">Cannot initialize cryptoshell
! but OpenSSL path is correct</a></dt><dt>4.19. <a href="apes04.html#id2845922">Emailaddress in subjectAltName but not in CA subject</a></dt><dt>4.20. <a href="apes04.html#id2845961">Missing environment variables from SSL</a></dt><dt>4.21. <a href="apes04.html#id2846030">Problems with the country name during PKCS#10 requests</a></dt></dl></dd><dt>5. <a href="apes05.html">Access Control problems</a></dt><dd><dl><dt>5.1. <a href="apes05.html#id2846083">Always get a login screen - again and again</a></dt><dt>5.2. <a href="apes05.html#id2846118">Error 6251023: Aborting connection - you are using a wrong channel</a></dt><dt>5.3. <a href="apes05.html#id2846139">Error 6251026: Aborting connection - you are using a wrong security protocol</a></dt><dt>5.4. <a href="apes05.html#id2846160">Error 6251029: Aborting connection - you are using the wrong computer</a></dt><dt>5.5. <a href="apes05.html#id2846178">Error 6251033: Aborting connection - you are using a wrong asymmetric cipher</a></dt><dt>5.6. <a href="apes05.html#id2846198">Error 6251036: Aborting connection - you are using a too short asymmetric keylength</a></dt><dt>5.7. <a href="apes05.html#id2846218">Error 6251039: Aborting connection - you are using a wrong symmetric cipher</a></dt><dt>5.8. <a href="apes05.html#id2846238">Error 6251043: Aborting connection - you are using a too short symmetric keylength</a></dt></dl></dd><dt>6. <a href="apes06.html">Dataexchange</a></dt><dd><dl><dt>6.1. <a href="apes06.html#id2846276">I try to export something but I get error 512
permission denied for
! /dev/fd0</a></dt><dt>6.2. <a href="apes06.html#id2846427">I try to import the CA certificate but it doesn't work.</a></dt><dt>6.3. <a href="apes06.html#id2846488">I crashed the database of the online server and now I want
to import all data again. How can I do it?
! </a></dt><dt>6.4. <a href="apes06.html#id2846520">I try to export the requests to the CA but it doesn't work
! </a></dt></dl></dd><dt>7. <a href="apes07.html">LDAP</a></dt><dd><dl><dt>7.1. <a href="apes07.html#id2846595">Errormessage: Connection refused.</a></dt><dt>7.2. <a href="apes07.html#id2846618">Errormessage: Bind failed. Errorcode 49.</a></dt><dt>7.3. <a href="apes07.html#id2846645">The resultcode of the nodeinsertion was 65.</a></dt><dt>7.4. <a href="apes07.html#id2846674">How can I get more debugging messages from OpenCA's LDAP code?</a></dt><dt>7.5. <a href="apes07.html#id2846700">How can I get more debugging messages from OpenLDAP?</a></dt></dl></dd><dt>8. <a href="apes08.html">Internationalization</a></dt><dd><dl><dt>8.1. <a href="apes08.html#id2846763">How can I fix a misspelling for a language?</a></dt><dt>8.2. <a href="apes08.html#id2846775">How can I add a new langiage?</a></dt><dt>8.3. <a href="apes08.html#id2846788">The compilation/make fails on the Perl module gettext</a></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2821249"></a>1. General PKI Issues</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2821259"></a>1.1. What is a certificate?</h3></div></div><div></div></div><p>
A certificate is a so called digital ID card. The correctness
of a certificate will be guarnteed by a certificate from a
--- 8,30 ----
environment is not setted</a></dt><dt>2.6. <a href="apes02.html#id2843312">What do the new features of 0.9.2 be?</a></dt><dt>2.7. <a href="apes02.html#id2843421">I try to approve and sign a request with Mozilla and it fails.</a></dt><dt>2.8. <a href="apes02.html#id2843472">I try to approve and sign a request with Konqueror (KDE) and it fails.</a></dt><dt>2.9. <a href="apes02.html#id2843489">How is the format of the disc to import the CA certificate
from the root CA?</a></dt><dt>2.10. <a href="apes02.html#id2843506">OpenSSL reports
! entry 1: invalid expiry date</a></dt><dt>2.11. <a href="apes02.html#id2843543">Outlook cannot encrypt mail with imported certificate</a></dt><dt>2.12. <a href="apes02.html#id2843565">My Outlook freezes after I received a signed email</a></dt><dt>2.13. <a href="apes02.html#id2843587">General Error 6751 during certificate issuing</a></dt><dt>2.14. <a href="apes02.html#id2843693">What does I have to do if I create a new release?</a></dt><dt>2.15. <a href="apes02.html#id2843872">How can I configure Mozilla for OCSP?</a></dt><dt>2.16. <a href="apes02.html#id2843914">Error 7211021: Cannot create request!</a></dt></dl></dd><dt>3. <a href="apes03.html">Installation Issues</a></dt><dd><dl><dt>3.1. <a href="apes03.html#id2843969">FreeBSD, OpenBSD and OpenCA</a></dt><dt>3.2. <a href="apes03.html#id2844146">Solaris and OpenCA</a></dt><dt>3.3. <a href="apes03.html#id2844221">What is a hierarchy level?</a></dt><dt>3.4. <a href="apes03.html#id2844318">Undefined subroutine &main::xyz</a></dt><dt>3.5. <a href="apes03.html#id2844389">Symbolic link installaton failed</a></dt><dt>3.6. <a href="apes03.html#id2844433">After the installation all common parts are missing</a></dt><dt>3.7. <a href="apes03.html#faq_duplicate_module">Conflicting Modules</a></dt><dt>3.8. <a href="apes03.html#id2844531">The xml path to the access control is missing</a></dt><dt>3.9. <a href="apes03.html#unknown_login_type">Unknown Login Type</a></dt><dt>3.10. <a href="apes03.html#id2844636">Type Mismatch during request
! generation with Internet Explorer</a></dt><dt>3.11. <a href="apes03.html#faq_openca_start_failed">openca(_rc) start failed</a></dt><dt>3.12. <a href="apes03.html#id2844733">Missing modules</a></dt></dl></dd><dt>4. <a href="apes04.html">Configuration Issues</a></dt><dd><dl><dt>4.1. <a href="apes04.html#id2844896">How can I configure my httpd.conf for virtual hosts?</a></dt><dt>4.2. <a href="apes04.html#id2844954">How can I configure virtual hosts with ./configure?</a></dt><dt>4.3. <a href="apes04.html#id2844997">I have some users which should not be published in LDAP.
! Does it be possible with OpenCA?</a></dt><dt>4.4. <a href="apes04.html#id2845022">Does it be possible to authenticate users by their
certificates at the apache before they will be authenticated by
! OpenCA itself?</a></dt><dt>4.5. <a href="apes04.html#id2845101">I want to update my 0.9.2 installation.
! Is this dangerous?</a></dt><dt>4.6. <a href="apes04.html#id2845143">I want update to 0.9.2. How can I update my sql database?</a></dt><dt>4.7. <a href="apes04.html#id2845384">If I run openca-ocspd then I obtain a segmentation fault.</a></dt><dt>4.8. <a href="apes04.html#id2845433">I installed a second public interface, run configure_etc.sh and
! now are all the paths in the other public interface wrong.</a></dt><dt>4.9. <a href="apes04.html#id2845478">I issue a certificate for a mailserver but sendmail doesn't work
and reports an errormessage which includes
reason=unsupported certificate purpose
! </a></dt><dt>4.10. <a href="apes04.html#id2845505">My (Microsoft) client hangs
! after it tries to start a secured connection</a></dt><dt>4.11. <a href="apes04.html#id2845576">Outlook freezes when receiving a signed Mail but worked
! already fine for some days</a></dt><dt>4.12. <a href="apes04.html#id2845600">During the request generation OpenCA fails and reports a too
! short textfield</a></dt><dt>4.13. <a href="apes04.html#id2845635">Can I place my organization's logo on the web interface?</a></dt><dt>4.14. <a href="apes04.html#id2845666">Cannot create new OpenCA tokenobject</a></dt><dt>4.15. <a href="apes04.html#id2845724">How can I use a Luna token with OpenCA 0.9.1</a></dt><dt>4.16. <a href="apes04.html#id2845799">How can I include a complete certificate chain into a PKCS#12 file?</a></dt><dt>4.17. <a href="apes04.html#id2845901">Unknown login type</a></dt><dt>4.18. <a href="apes04.html#id2845923">Cannot initialize cryptoshell
! but OpenSSL path is correct</a></dt><dt>4.19. <a href="apes04.html#id2845960">Emailaddress in subjectAltName but not in CA subject</a></dt><dt>4.20. <a href="apes04.html#id2846000">Missing environment variables from SSL</a></dt><dt>4.21. <a href="apes04.html#id2846069">Problems with the country name during PKCS#10 requests</a></dt></dl></dd><dt>5. <a href="apes05.html">Access Control problems</a></dt><dd><dl><dt>5.1. <a href="apes05.html#id2846122">Always get a login screen - again and again</a></dt><dt>5.2. <a href="apes05.html#id2846158">Error 6251023: Aborting connection - you are using a wrong channel</a></dt><dt>5.3. <a href="apes05.html#id2846179">Error 6251026: Aborting connection - you are using a wrong security protocol</a></dt><dt>5.4. <a href="apes05.html#id2846200">Error 6251029: Aborting connection - you are using the wrong computer</a></dt><dt>5.5. <a href="apes05.html#id2846218">Error 6251033: Aborting connection - you are using a wrong asymmetric cipher</a></dt><dt>5.6. <a href="apes05.html#id2846237">Error 6251036: Aborting connection - you are using a too short asymmetric keylength</a></dt><dt>5.7. <a href="apes05.html#id2846258">Error 6251039: Aborting connection - you are using a wrong symmetric cipher</a></dt><dt>5.8. <a href="apes05.html#id2846278">Error 6251043: Aborting connection - you are using a too short symmetric keylength</a></dt></dl></dd><dt>6. <a href="apes06.html">Dataexchange</a></dt><dd><dl><dt>6.1. <a href="apes06.html#id2846316">I try to export something but I get error 512
permission denied for
! /dev/fd0</a></dt><dt>6.2. <a href="apes06.html#id2846459">I try to import the CA certificate but it doesn't work.</a></dt><dt>6.3. <a href="apes06.html#id2846520">I crashed the database of the online server and now I want
to import all data again. How can I do it?
! </a></dt><dt>6.4. <a href="apes06.html#id2846552">I try to export the requests to the CA but it doesn't work
! </a></dt></dl></dd><dt>7. <a href="apes07.html">LDAP</a></dt><dd><dl><dt>7.1. <a href="apes07.html#id2846628">Errormessage: Connection refused.</a></dt><dt>7.2. <a href="apes07.html#id2846649">Errormessage: Bind failed. Errorcode 49.</a></dt><dt>7.3. <a href="apes07.html#id2846677">The resultcode of the nodeinsertion was 65.</a></dt><dt>7.4. <a href="apes07.html#id2846706">How can I get more debugging messages from OpenCA's LDAP code?</a></dt><dt>7.5. <a href="apes07.html#id2846732">How can I get more debugging messages from OpenLDAP?</a></dt></dl></dd><dt>8. <a href="apes08.html">Internationalization</a></dt><dd><dl><dt>8.1. <a href="apes08.html#id2846796">How can I fix a misspelling for a language?</a></dt><dt>8.2. <a href="apes08.html#id2846808">How can I add a new langiage?</a></dt><dt>8.3. <a href="apes08.html#id2846821">The compilation/make fails on the Perl module gettext</a></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2821249"></a>1. General PKI Issues</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2821259"></a>1.1. What is a certificate?</h3></div></div><div></div></div><p>
A certificate is a so called digital ID card. The correctness
of a certificate will be guarnteed by a certificate from a
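Review bot: existing deep links into the FAQ break with this regeneration, because every generated anchor in the table of contents shifts (3.1 moves from #id2843927 to #id2843969, 4.21 from #id2846030 to #id2846069) although the only real change is the new 2.16 entry. The entries that carry explicit names (#faq_duplicate_module, #unknown_login_type, #faq_openca_start_failed) are unaffected; giving the other FAQ sections explicit ids in the same way would keep links stable and keep this diff close to the one added entry. The new 2.16 and the existing 4.21 "Problems with the country name during PKCS#10 requests" both concern the country code, so a cross-reference between them would help readers find the right answer.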
Index: apes02.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/apes02.html,v
retrieving revision 1.22
retrieving revision 1.22.2.1
diff -C2 -d -r1.22 -r1.22.2.1
*** apes02.html 7 Sep 2004 14:19:01 -0000 1.22
--- apes02.html 27 Sep 2004 13:38:23 -0000 1.22.2.1
***************
*** 161,163 ****
--- 161,186 ----
<tt class="filename">ocspd.conf</tt>). Anyway by default you should
use <i class="parameter"><tt>http://10.13.1.13:2560/</tt></i>.
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2843914"></a>2.16. Error 7211021: Cannot create request!</h3></div></div><div></div></div><p>
+ Sometimes you get the following error message.
+ </p><div class="example"><a name="id2843926"></a><p class="title"><b>Example E.3. Error 7211021: Cannot create request!</b></p><pre class="programlisting">
+ Error 7211021
+ General Error. Cannot create request!
+
+ (OpenCA::REQ->new: Cannot create new request.
+ Backend fails with errorcode 7712071.
+ OpenCA::OpenSSL->genReq: Cannot execute command (7777067).
+ problems making Certificate Request 24649:
+ error:0D07A097:
+ asn1 encoding routines:
+ ASN1_mbstring_copy:
+ string too long:
+ a_mbstr.c:154:maxsize=2
+ error in req
+ ).
+ </pre></div><p>
+ The reason is very simple you entered more than two characters for
+ the ISO country code. Please check you form and the configuration
+ for the used country code. All ISO country codes are two
+ characters long - not one character and not more than two
+ characters.
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ape.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ape.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="apes03.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Appendix E. FAQ </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 3. Installation Issues</td></tr></table></div></body></html>
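Review bot: the explanation added for 2.16 does not tell the reader where to fix the value: "the configuration for the used country code" names neither the form field nor the configuration file or option, so there is nothing to search for. Name both, and point to 4.21, which covers country name problems during PKCS#10 requests. The quoted OpenSSL error (string too long, maxsize=2) only arises when the value is longer than two characters, so the closing remark about one-character codes should be separated from the cause of this particular error. Wording: "The reason is very simple you entered" needs punctuation after "simple", and "check you form" should read "check your form".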
Index: apes03.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/apes03.html,v
retrieving revision 1.22
retrieving revision 1.22.2.1
diff -C2 -d -r1.22 -r1.22.2.1
*** apes03.html 7 Sep 2004 14:19:01 -0000 1.22
--- apes03.html 27 Sep 2004 13:38:23 -0000 1.22.2.1
***************
*** 1,3 ****
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>3. Installation Issues</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes02.html" title="2. General OpenCA Issues"><link rel="next" href="apes04.html" title="4. Configuration Issues"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">3. Installation Issues</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes02.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes04.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2843917"></a>3. Installation Issues</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2843927"></a>3.1. FreeBSD and OpenCA</h3></div></div><div></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2843934"></a>3.1.1. make</h4></div></div><div></div></div><p>
FreeBSD and potentially several other BSDs use an own
<span class="application">make</span>. Nearly the complete development of OpenCA
--- 1,6 ----
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>3. Installation Issues</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes02.html" title="2. General OpenCA Issues"><link rel="next" href="apes04.html" title="4. Configuration Issues"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">3. Installation Issues</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes02.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes04.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2843959"></a>3. Installation Issues</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2843969"></a>3.1. FreeBSD, OpenBSD and OpenCA</h3></div></div><div></div></div><p>
! Please ignore this section for OpenCA 0.9.2.0+ and snapshots
! after 2004-Sep-15.
! </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2843982"></a>3.1.1. make</h4></div></div><div></div></div><p>
FreeBSD and potentially several other BSDs use an own
<span class="application">make</span>. Nearly the complete development of OpenCA
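Review bot: the notice added under the 3.1 heading marks the section obsolete for the versions this guide targets, since the page header in the same file titles it the "OpenCA Guide for Versions 0.9.2+", and it does not say what changed. State the reason the section no longer applies, or restrict the section explicitly to releases before 0.9.2.0. The heading also gains "OpenBSD" while the body below still begins "FreeBSD and potentially several other BSDs"; either mention OpenBSD in the text or leave the title as it was.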
***************
*** 17,21 ****
</pre></div><p>
GNU make is fully tested with OpenCA.
! </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2844008"></a>3.1.2. install</h4></div></div><div></div></div><p>
There is an additional problem with <span class="application">install</span>
like with <span class="application">make</span>. FreeBSD doesn't support the
--- 20,24 ----
</pre></div><p>
GNU make is fully tested with OpenCA.
! </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2844055"></a>3.1.2. install</h4></div></div><div></div></div><p>
There is an additional problem with <span class="application">install</span>
like with <span class="application">make</span>. FreeBSD doesn't support the
***************
*** 36,40 ****
You can install the port "coreutils" which includes the GNU install.
this is not a real bugfix but it works.
! </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844098"></a>3.2. Solaris and OpenCA</h3></div></div><div></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2844106"></a>3.2.1. make</h4></div></div><div></div></div><p>
Solaris has the same problems like the BSDs. The Solaris make
doesn't work with OpenCA's makefiles. The solution is to install
--- 39,46 ----
You can install the port "coreutils" which includes the GNU install.
this is not a real bugfix but it works.
! </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844146"></a>3.2. Solaris and OpenCA</h3></div></div><div></div></div><p>
! Please ignore this section for OpenCA 0.9.2.0+ and snapshots
! after 2004-Sep-15.
! </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2844159"></a>3.2.1. make</h4></div></div><div></div></div><p>
Solaris has the same problems like the BSDs. The Solaris make
doesn't work with OpenCA's makefiles. The solution is to install
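Review bot: the notice added under 3.2 is followed directly by unchanged text stating "The Solaris make doesn't work with OpenCA's makefiles", so a reader on 0.9.2.0+ sees an instruction to ignore the section next to a flat claim that the native make fails. Reword the notice to say that the limitation below applies only to releases before 0.9.2.0 and snapshots up to 2004-Sep-15, and consider rendering it as a note rather than a plain paragraph so it is not missed. The wording is repeated verbatim from 3.1, so the two should be kept in sync.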
***************
*** 51,55 ****
</pre></div><p>
GNU make is fully tested with OpenCA.
! </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844167"></a>3.3. What is a hierarchy level?</h3></div></div><div></div></div><p>
OpenCA 0.9.1 and earlier includes some protection mechanism to
avoid state injections during the dataexchange. Therefore you
--- 57,61 ----
</pre></div><p>
GNU make is fully tested with OpenCA.
! </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844221"></a>3.3. What is a hierarchy level?</h3></div></div><div></div></div><p>
OpenCA 0.9.1 and earlier includes some protection mechanism to
avoid state injections during the dataexchange. Therefore you
***************
*** 80,87 ****
in the administrator guide.
</p></li></ol></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844264"></a>3.4. <span class="errortext">Undefined subroutine &main::xyz</span></h3></div></div><div></div></div><p>
Usually the errortext is a little bit more descriptive and looks
like this:
! </p><div class="example"><a name="id2844278"></a><p class="title"><b>Example E.3. Full errormessage for missing functions</b></p><pre class="programlisting">[Thu Oct 09 14:50:52 2003] [error] [client 127.0.0.1] Undefined
subroutine &main::configError called at /var/www/cgi-bin/ca/ca line 86.,
referer: http://localhost/htdocs/ca/ </pre></div><p>
--- 86,93 ----
in the administrator guide.
</p></li></ol></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844318"></a>3.4. <span class="errortext">Undefined subroutine &main::xyz</span></h3></div></div><div></div></div><p>
Usually the errortext is a little bit more descriptive and looks
like this:
! </p><div class="example"><a name="id2844333"></a><p class="title"><b>Example E.4. Full errormessage for missing functions</b></p><pre class="programlisting">[Thu Oct 09 14:50:52 2003] [error] [client 127.0.0.1] Undefined
subroutine &main::configError called at /var/www/cgi-bin/ca/ca line 86.,
referer: http://localhost/htdocs/ca/ </pre></div><p>
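Review bot: citing these examples by number is no longer safe, because the caption here moves from "Example E.3" to "Example E.4" now that the example added in apes02.html takes E.3. References to this example, in the guide or in list answers, should use its title ("Full errormessage for missing functions") rather than its number. The same renumbering continues through E.8 in the hunks that follow.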
***************
*** 98,106 ****
<span class="application">make install-xyz</span> again then all
libraries should be present.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844335"></a>3.5. Symbolic link installaton failed</h3></div></div><div></div></div><p>
Several user observed that OpenCA 0.9.1.x installation failed
during the installation of symbolic links for commands. The
errormessage simply reports an already present symbolic link.
! </p><div class="example"><a name="id2844350"></a><p class="title"><b>Example E.4. Already present symbolic link</b></p><pre class="programlisting"> make[8]: Entering directory
`/home/linux/tar/openca-0.9.1.2/src/web-interfaces/ca/cmds'
cd /usr/local/openca.0.9.2/openca/lib/servers/ca/cmds; \
--- 104,112 ----
<span class="application">make install-xyz</span> again then all
libraries should be present.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844389"></a>3.5. Symbolic link installaton failed</h3></div></div><div></div></div><p>
Several user observed that OpenCA 0.9.1.x installation failed
during the installation of symbolic links for commands. The
errormessage simply reports an already present symbolic link.
! </p><div class="example"><a name="id2844404"></a><p class="title"><b>Example E.5. Already present symbolic link</b></p><pre class="programlisting"> make[8]: Entering directory
`/home/linux/tar/openca-0.9.1.2/src/web-interfaces/ca/cmds'
cd /usr/local/openca.0.9.2/openca/lib/servers/ca/cmds; \
***************
*** 117,121 ****
is correct. If the target of the symbolic link doesn't exist
then the symbolic link is not removed and the error occurs.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844380"></a>3.6. After the installation all common parts are missing</h3></div></div><div></div></div><p>
If the command <b class="command">make install-*</b> doesn't report
an error and after the installation all common parts like modules,
--- 123,127 ----
is correct. If the target of the symbolic link doesn't exist
then the symbolic link is not removed and the error occurs.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844433"></a>3.6. After the installation all common parts are missing</h3></div></div><div></div></div><p>
If the command <b class="command">make install-*</b> doesn't report
an error and after the installation all common parts like modules,
***************
*** 142,146 ****
startup or always empty results for a configurationfile. First you should
search for the different version of XML::Twig.
! </p><div class="example"><a name="id2844462"></a><p class="title"><b>Example E.5. Search for XML::Twig modules</b></p><pre class="programlisting">
## every Unix
find / -name Twig.pm -print
--- 148,152 ----
startup or always empty results for a configurationfile. First you should
search for the different version of XML::Twig.
! </p><div class="example"><a name="id2844504"></a><p class="title"><b>Example E.6. Search for XML::Twig modules</b></p><pre class="programlisting">
## every Unix
find / -name Twig.pm -print
***************
*** 156,160 ****
only performed with 3.09. So we don't know what's happen if you use an
earlier version.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844489"></a>3.8. The xml path to the access control is missing</h3></div></div><div></div></div><p>
If you installed OpenCA and try to login to OpenCA then it can
happen that you see the errormessage <span class="errortext">The xml path to
--- 162,166 ----
only performed with 3.09. So we don't know what's happen if you use an
earlier version.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844531"></a>3.8. The xml path to the access control is missing</h3></div></div><div></div></div><p>
If you installed OpenCA and try to login to OpenCA then it can
happen that you see the errormessage <span class="errortext">The xml path to
***************
*** 188,192 ****
After this you can start openca again and please verify that the
permissions and owner are now correct.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844593"></a>3.10. <span class="errortext">Type Mismatch</span> during request
generation with Internet Explorer</h3></div></div><div></div></div><p>
If an Internet Explorer reports a type mismatch during the request
--- 194,198 ----
After this you can start openca again and please verify that the
permissions and owner are now correct.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844636"></a>3.10. <span class="errortext">Type Mismatch</span> during request
generation with Internet Explorer</h3></div></div><div></div></div><p>
If an Internet Explorer reports a type mismatch during the request
***************
*** 194,198 ****
Usually the reference to the VB script <tt class="filename">ieCSR.vbs</tt>
is wrong. This happens if the document root of the Apache is wrong.
! </p><div class="sidebar"><div class="example"><a name="id2844620"></a><p class="title"><b>Example E.6. Type Mismatch on Internet Explorer</b></p><pre class="programlisting">
Line: 88
Char: 1
--- 200,204 ----
Usually the reference to the VB script <tt class="filename">ieCSR.vbs</tt>
is wrong. This happens if the document root of the Apache is wrong.
! </p><div class="sidebar"><div class="example"><a name="id2844662"></a><p class="title"><b>Example E.7. Type Mismatch on Internet Explorer</b></p><pre class="programlisting">
Line: 88
Char: 1
***************
*** 202,206 ****
</pre></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="faq_openca_start_failed"></a>3.11. <b class="command">openca(_rc) start</b> failed</h3></div></div><div></div></div><p>
! </p><div class="example"><a name="id2844656"></a><p class="title"><b>Example E.7. Failed startup with wrong Net::Server version</b></p><pre class="programlisting">
#> /etc/rc.d/init.d/openca start
Starting OpenCA: Process Backgrounded
--- 208,212 ----
</pre></div></div><p>
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="faq_openca_start_failed"></a>3.11. <b class="command">openca(_rc) start</b> failed</h3></div></div><div></div></div><p>
! </p><div class="example"><a name="id2844698"></a><p class="title"><b>Example E.8. Failed startup with wrong Net::Server version</b></p><pre class="programlisting">
#> /etc/rc.d/init.d/openca start
Starting OpenCA: Process Backgrounded
***************
*** 220,224 ****
to check for the two necessary daemons - XML cache and OpenCA
server.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844690"></a>3.12. Missing modules</h3></div></div><div></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2844697"></a>3.12.1. XML::Parser</h4></div></div><div></div></div><p>
If you see one of the following errormessages during the
compilation or installation of OpenCA then you are missing
--- 226,230 ----
to check for the two necessary daemons - XML cache and OpenCA
server.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844733"></a>3.12. Missing modules</h3></div></div><div></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2844740"></a>3.12.1. XML::Parser</h4></div></div><div></div></div><p>
If you see one of the following errormessages during the
compilation or installation of OpenCA then you are missing
***************
*** 229,233 ****
any anomaly. Sometimes only the first make shows up an error
message because of the missing XML parser.
! </p><div class="sidebar"><div class="example"><a name="id2844724"></a><p class="title"><b>Example E.8. failing XML parsing during configuration</b></p><pre class="programlisting">
Checking if your kit is complete...
Looks good
--- 235,239 ----
any anomaly. Sometimes only the first make shows up an error
message because of the missing XML parser.
! </p><div class="sidebar"><div class="example"><a name="id2844766"></a><p class="title"><b>Example E.9. failing XML parsing during configuration</b></p><pre class="programlisting">
Checking if your kit is complete...
Looks good
***************
*** 254,258 ****
The second symptom can happen if you try to configure your
OpenCA software.
! </p><div class="sidebar"><div class="example"><a name="id2844765"></a><p class="title"><b>Example E.9. failing XML parsing during configuration</b></p><pre class="programlisting">
> ./configure_etc.sh
> =================================================================
--- 260,264 ----
The second symptom can happen if you try to configure your
OpenCA software.
! </p><div class="sidebar"><div class="example"><a name="id2844807"></a><p class="title"><b>Example E.10. failing XML parsing during configuration</b></p><pre class="programlisting">
> ./configure_etc.sh
> =================================================================
***************
*** 272,276 ****
files and check there length then usually only
<tt class="filename">Twig.pm.slow</tt> is not empty.
! </p><div class="sidebar"><div class="example"><a name="id2844814"></a><p class="title"><b>Example E.10. empty Twig.pm files because of missing XML::Parser</b></p><pre class="programlisting">
> > locate Twig.pm
> /home/ca/openca-0.9.2-RC4/src/modules/XML-Twig-3.09/blib/lib/XML/Twig.pm
--- 278,282 ----
files and check there length then usually only
<tt class="filename">Twig.pm.slow</tt> is not empty.
! </p><div class="sidebar"><div class="example"><a name="id2844856"></a><p class="title"><b>Example E.11. empty Twig.pm files because of missing XML::Parser</b></p><pre class="programlisting">
> > locate Twig.pm
> /home/ca/openca-0.9.2-RC4/src/modules/XML-Twig-3.09/blib/lib/XML/Twig.pm
Index: apes04.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/apes04.html,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -C2 -d -r1.24 -r1.24.2.1
*** apes04.html 7 Sep 2004 14:19:02 -0000 1.24
--- apes04.html 27 Sep 2004 13:38:23 -0000 1.24.2.1
***************
*** 1,6 ****
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4. Configuration Issues</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes03.html" title="3. Installation Issues"><link rel="next" href="apes05.html" title="5. Access Control problems"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4. Configuration Issues</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes03.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes05.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2844844"></a>4. Configuration Issues</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844854"></a>4.1. How can I configure my httpd.conf for virtual hosts?</h3></div></div><div></div></div><p>
Here is a small example for the configuration of a virtual host
for OpenCA.
! </p><div class="example"><a name="id2844867"></a><p class="title"><b>Example E.11. virtual host configuration</b></p><pre class="programlisting">
<VirtualHost _default_:443>
ServerName 157.159.100.42:443
--- 1,6 ----
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4. Configuration Issues</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes03.html" title="3. Installation Issues"><link rel="next" href="apes05.html" title="5. Access Control problems"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4. Configuration Issues</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes03.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes05.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2844887"></a>4. Configuration Issues</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844896"></a>4.1. How can I configure my httpd.conf for virtual hosts?</h3></div></div><div></div></div><p>
Here is a small example for the configuration of a virtual host
for OpenCA.
! </p><div class="example"><a name="id2844909"></a><p class="title"><b>Example E.12. virtual host configuration</b></p><pre class="programlisting">
<VirtualHost _default_:443>
ServerName 157.159.100.42:443
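Review bot: Example E.12 (virtual host configuration) keeps a publicly routable address in "ServerName 157.159.100.42:443", which readers will paste unchanged. Replace it with a placeholder host name such as ca.example.org:443 and state in the surrounding text that the value must be the site's own server name.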
***************
*** 19,26 ****
You can also add <tt class="option">BindAddress</tt>
<i class="parameter"><tt>*</tt></i> to be sure.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844912"></a>4.2. How can I configure virtual hosts with ./configure?</h3></div></div><div></div></div><p>
Here is a small example from an OpenCA user which the developers
never planned but it works.
! </p><div class="example"><a name="id2844926"></a><p class="title"><b>Example E.12. ./configure and virtual hosts</b></p><pre class="programlisting">
--with-ca-htdocs-url-prefix=http://ca.dskt6807.zhwin.ch \
--with-node-htdocs-url-prefix=http://node.dskt6807.zhwin.ch \
--- 19,26 ----
You can also add <tt class="option">BindAddress</tt>
<i class="parameter"><tt>*</tt></i> to be sure.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844954"></a>4.2. How can I configure virtual hosts with ./configure?</h3></div></div><div></div></div><p>
Here is a small example from an OpenCA user which the developers
never planned but it works.
! </p><div class="example"><a name="id2844968"></a><p class="title"><b>Example E.13. ./configure and virtual hosts</b></p><pre class="programlisting">
--with-ca-htdocs-url-prefix=http://ca.dskt6807.zhwin.ch \
--with-node-htdocs-url-prefix=http://node.dskt6807.zhwin.ch \
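Review bot: both prefixes in the ./configure example ("--with-ca-htdocs-url-prefix=http://..." and "--with-node-htdocs-url-prefix=http://...") use plain http://, while the virtual host shown in 4.1 listens on port 443. Since the text says the developers never planned this setup, readers have only the example to go on; say whether the prefixes have to be https:// when the interfaces are served over TLS only.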
***************
*** 31,35 ****
in <tt class="filename">config.xml</tt> if you use OpenCA 0.9.2 or
later.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844955"></a>4.3. I have some users which should not be published in LDAP.
Does it be possible with OpenCA?</h3></div></div><div></div></div><p>
Yes, it is possible. There is an option
--- 31,35 ----
in <tt class="filename">config.xml</tt> if you use OpenCA 0.9.2 or
later.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844997"></a>4.3. I have some users which should not be published in LDAP.
Does it be possible with OpenCA?</h3></div></div><div></div></div><p>
Yes, it is possible. There is an option
***************
*** 38,46 ****
all certificates which have this role will not be published via
the LDAP server.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2844979"></a>4.4. Does it be possible to authenticate users by their
certificates at the apache before they will be authenticated by
OpenCA itself?</h3></div></div><div></div></div><p>Yes, you can edit the httpd.conf in the appropriate way.
Please don't do this for the public interface.
! </p><div class="example"><a name="id2844995"></a><p class="title"><b>Example E.13. Client authentication with mod_ssl</b></p><pre class="programlisting">
<VirtualHost ra.mycompany.de:4443>
--- 38,46 ----
all certificates which have this role will not be published via
the LDAP server.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845022"></a>4.4. Does it be possible to authenticate users by their
certificates at the apache before they will be authenticated by
OpenCA itself?</h3></div></div><div></div></div><p>Yes, you can edit the httpd.conf in the appropriate way.
Please don't do this for the public interface.
! </p><div class="example"><a name="id2845038"></a><p class="title"><b>Example E.14. Client authentication with mod_ssl</b></p><pre class="programlisting">
<VirtualHost ra.mycompany.de:4443>
***************
*** 81,85 ****
If you no go to the RA then you have to choose a certificate
which your browser will use to authenticate you to the Apache. Please note, that for Apache 2.0.* you also need to add in the line "SSLOptions +OptRenegotiate" in order for Apache to re-negotiate the access permissions correctly.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845053"></a>4.5. I want to update my 0.9.2 installation.
Is this dangerous?</h3></div></div><div></div></div><p>
It is necessary that you update your OpenCA installation from time
--- 81,85 ----
If you no go to the RA then you have to choose a certificate
which your browser will use to authenticate you to the Apache. Please note, that for Apache 2.0.* you also need to add in the line "SSLOptions +OptRenegotiate" in order for Apache to re-negotiate the access permissions correctly.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845101"></a>4.5. I want to update my 0.9.2 installation.
Is this dangerous?</h3></div></div><div></div></div><p>
It is necessary that you update your OpenCA installation from time
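Review bot: the Apache 2.0.* requirement "SSLOptions +OptRenegotiate" appears only in the prose after Example E.14, so anyone copying the listing for Apache 2.0 gets a client-authentication setup that does not renegotiate correctly. Put the directive into the example itself (commented as Apache 2.0.* only), and fix "If you no go to the RA" to "If you now go to the RA" in the same paragraph. The sentence "Please don't do this for the public interface" would also be more useful with its reason stated.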
***************
*** 96,100 ****
your complete installation before you start such critical
operations like an update.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845094"></a>4.6. I want update to 0.9.2. How can I update my sql database?</h3></div></div><div></div></div><p>
There are two general methods. You can use backup/restore or
you add the columns by hand.
--- 96,100 ----
your complete installation before you start such critical
operations like an update.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845143"></a>4.6. I want update to 0.9.2. How can I update my sql database?</h3></div></div><div></div></div><p>
There are two general methods. You can use backup/restore or
you add the columns by hand.
***************
*** 118,127 ****
contains the correct type names for every supported
database.
! </p><div class="table"><a name="id2845204"></a><p class="title"><b>Table E.1. Texttypes for different databases</b></p><table summary="Texttypes for different databases" border="1"><colgroup><col><col></colgroup><thead><tr><th>Database</th><th>type</th></tr></thead><tbody><tr><td>mysql</td><td>TEXT</td></tr><tr><td>Pg</td><td>text</td></tr><tr><td>DB2</td><td>long varchar</td></tr><tr><td>Oracle</td><td>varchar2 (1999)</td></tr></tbody></table></div><p>
</p></li><li><p>Go to the node interface.</p></li><li><p>Administration.</p></li><li><p>Databasehandling.</p></li><li><p>Update searchable attributes.</p></li></ol></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845335"></a>4.7. If I run openca-ocspd then I obtain a segmentation fault.</h3></div></div><div></div></div><p>
Some releases include an incomplete sample config. You have to
add something like this to your ocspd.conf:
! </p><div class="example"><a name="id2845349"></a><p class="title"><b>Example E.14. OCSP configuration for LDAP</b></p><pre class="programlisting">
[ OCSPD_default ]
....
--- 118,127 ----
contains the correct type names for every supported
database.
! </p><div class="table"><a name="id2845253"></a><p class="title"><b>Table E.1. Texttypes for different databases</b></p><table summary="Texttypes for different databases" border="1"><colgroup><col><col></colgroup><thead><tr><th>Database</th><th>type</th></tr></thead><tbody><tr><td>mysql</td><td>TEXT</td></tr><tr><td>Pg</td><td>text</td></tr><tr><td>DB2</td><td>long varchar</td></tr><tr><td>Oracle</td><td>varchar2 (1999)</td></tr></tbody></table></div><p>
</p></li><li><p>Go to the node interface.</p></li><li><p>Administration.</p></li><li><p>Databasehandling.</p></li><li><p>Update searchable attributes.</p></li></ol></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845384"></a>4.7. If I run openca-ocspd then I obtain a segmentation fault.</h3></div></div><div></div></div><p>
Some releases include an incomplete sample config. You have to
add something like this to your ocspd.conf:
! </p><div class="example"><a name="id2845398"></a><p class="title"><b>Example E.15. OCSP configuration for LDAP</b></p><pre class="programlisting">
[ OCSPD_default ]
....
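Review bot: section 4.7 treats a segmentation fault in openca-ocspd as a configuration issue, but a daemon that crashes on an incomplete ocspd.conf has a robustness defect that the FAQ only works around. Name the releases that ship the incomplete sample config, and track a fix so that ocspd reports the missing settings and exits cleanly instead of crashing.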
***************
*** 132,140 ****
crl_entry_dn = cn=MyCA,ou=CA,o=MyOrg,c=MyCountry</pre></div><p>
Alternatively you can use http too:
! </p><div class="example"><a name="id2845367"></a><p class="title"><b>Example E.15. OCSP configuration for http</b></p><pre class="programlisting">
[ ocsp_crl ]
crl_url = http://my.ca-public.server
crl_entry_dn = /crl/cacrl.crl</pre></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845384"></a>4.8. I installed a second public interface, run configure_etc.sh and
now are all the paths in the other public interface wrong.</h3></div></div><div></div></div><p>
Before you run configure with the changed config.xml for the
--- 132,140 ----
crl_entry_dn = cn=MyCA,ou=CA,o=MyOrg,c=MyCountry</pre></div><p>
Alternatively you can use http too:
! </p><div class="example"><a name="id2845416"></a><p class="title"><b>Example E.16. OCSP configuration for http</b></p><pre class="programlisting">
[ ocsp_crl ]
crl_url = http://my.ca-public.server
crl_entry_dn = /crl/cacrl.crl</pre></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845433"></a>4.8. I installed a second public interface, run configure_etc.sh and
now are all the paths in the other public interface wrong.</h3></div></div><div></div></div><p>
Before you run configure with the changed config.xml for the
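Review bot: in the http example the key crl_entry_dn carries a URL path ("crl_entry_dn = /crl/cacrl.crl"), whereas in the LDAP example just above it carries a distinguished name ("cn=MyCA,ou=CA,o=MyOrg,c=MyCountry"). Add one sentence explaining that the same key holds the path when crl_url is an http URL, otherwise the example reads like a copy error.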
***************
*** 148,152 ****
only (!!!) and then run <b class="command">configure_etc.sh</b>
again.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845429"></a>4.9. I issue a certificate for a mailserver but sendmail doesn't work
and reports an errormessage which includes
“<span class="quote">reason=unsupported certificate purpose</span>”
--- 148,152 ----
only (!!!) and then run <b class="command">configure_etc.sh</b>
again.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845478"></a>4.9. I issue a certificate for a mailserver but sendmail doesn't work
and reports an errormessage which includes
“<span class="quote">reason=unsupported certificate purpose</span>”
***************
*** 157,161 ****
SSL servers are not enough because SMTP servers act as clients
too.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845456"></a>4.10. My (Microsoft) client hangs
after it tries to start a secured connection</h3></div></div><div></div></div><p>There are some situations where clients hang after they try to
connect to a TLS or SSL secured server. Examples are Microsoft
--- 157,161 ----
SSL servers are not enough because SMTP servers act as clients
too.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845505"></a>4.10. My (Microsoft) client hangs
after it tries to start a secured connection</h3></div></div><div></div></div><p>There are some situations where clients hang after they try to
connect to a TLS or SSL secured server. Examples are Microsoft
***************
*** 184,188 ****
the reasons why you don't expect such problems. You
“<span class="quote">only</span>” install some new server certificates and
! all problems are fixed like a simple network problem.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845527"></a>4.11. Outlook freezes when receiving a signed Mail but worked
already fine for some days</h3></div></div><div></div></div><p>The CDP of the certificate from the signature points to a
SSL-secured website which was signed by
--- 184,188 ----
the reasons why you don't expect such problems. You
“<span class="quote">only</span>” install some new server certificates and
! all problems are fixed like a simple network problem.</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845576"></a>4.11. Outlook freezes when receiving a signed Mail but worked
already fine for some days</h3></div></div><div></div></div><p>The CDP of the certificate from the signature points to a
SSL-secured website which was signed by
***************
*** 193,197 ****
mail certs it's ok to just change the webservers CDP URL and
reissue the webserver certificate.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845551"></a>4.12. During the request generation OpenCA fails and reports a too
short textfield</h3></div></div><div></div></div><p>Old versions of OpenCA include a hardwired minimum length for
HTML-textfields. The minimum length was three. You can change
--- 193,197 ----
mail certs it's ok to just change the webservers CDP URL and
reissue the webserver certificate.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845600"></a>4.12. During the request generation OpenCA fails and reports a too
short textfield</h3></div></div><div></div></div><p>Old versions of OpenCA include a hardwired minimum length for
HTML-textfields. The minimum length was three. You can change
***************
*** 200,204 ****
and configuration guide</span>”
<a href="ch04s04.html" title="4. CSRs">Section 4, “CSRs”</a>.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845586"></a>4.13. Can I place my organization's logo on the web interface?</h3></div></div><div></div></div><p>
Yes, please check <tt class="filename">etc/config.xml</tt>. There
are two options <tt class="option">menu_logo_left</tt> and
--- 200,204 ----
and configuration guide</span>”
<a href="ch04s04.html" title="4. CSRs">Section 4, “CSRs”</a>.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845635"></a>4.13. Can I place my organization's logo on the web interface?</h3></div></div><div></div></div><p>
Yes, please check <tt class="filename">etc/config.xml</tt>. There
are two options <tt class="option">menu_logo_left</tt> and
***************
*** 206,210 ****
logos in the menuframe. Please be careful with this feature
because it can reduce the usability of the software.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845617"></a>4.14. Cannot create new OpenCA tokenobject</h3></div></div><div></div></div><p>
The correct errormessage is usually:
</p><div class="sidebar"><p class="title"><b>Cannot create new OpenCA tokenobject</b></p><pre class="programlisting">
--- 206,210 ----
logos in the menuframe. Please be careful with this feature
because it can reduce the usability of the software.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845666"></a>4.14. Cannot create new OpenCA tokenobject</h3></div></div><div></div></div><p>
The correct errormessage is usually:
</p><div class="sidebar"><p class="title"><b>Cannot create new OpenCA tokenobject</b></p><pre class="programlisting">
***************
*** 223,227 ****
<option>
</pre></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845676"></a>4.15. How can I use a Luna token with OpenCA 0.9.1</h3></div></div><div></div></div><p>
You have to edit two files - OpenCA's <tt class="filename">ca.conf</tt>
and Chrysalis-ITS's <tt class="filename">Chrystoki.conf</tt>. First you
--- 223,227 ----
<option>
</pre></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845724"></a>4.15. How can I use a Luna token with OpenCA 0.9.1</h3></div></div><div></div></div><p>
You have to edit two files - OpenCA's <tt class="filename">ca.conf</tt>
and Chrysalis-ITS's <tt class="filename">Chrystoki.conf</tt>. First you
***************
*** 260,264 ****
</pre></div><p>
Now OpenCA 0.9.1 should be ready for Chrysalis-ITS LunaCA 3.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845750"></a>4.16. How can I include a complete certificate chain into a PKCS#12 file?</h3></div></div><div></div></div><p>
If you enroll a certificate and a private key to a user via file in
PKCS#12 format then you usually want to include the complete
--- 260,264 ----
</pre></div><p>
Now OpenCA 0.9.1 should be ready for Chrysalis-ITS LunaCA 3.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845799"></a>4.16. How can I include a complete certificate chain into a PKCS#12 file?</h3></div></div><div></div></div><p>
If you enroll a certificate and a private key to a user via file in
PKCS#12 format then you usually want to include the complete
***************
*** 299,306 ****
certificate.
</p></li></ol></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845862"></a>4.17. Unknown login type</h3></div></div><div></div></div><p>
If you get an errormessage which indicates that there was an unknown login
configured then please see <a href="apes03.html#faq_duplicate_module" title="3.7. Conflicting Modules">Section 3.7, “Conflicting Modules”</a>.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845883"></a>4.18. <span class="errortext">Cannot initialize cryptoshell</span>
but OpenSSL path is correct</h3></div></div><div></div></div><p>
If you get an error message that OpenCA cannot initialize the
--- 299,306 ----
certificate.
</p></li></ol></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845901"></a>4.17. Unknown login type</h3></div></div><div></div></div><p>
If you get an errormessage which indicates that there was an unknown login
configured then please see <a href="apes03.html#faq_duplicate_module" title="3.7. Conflicting Modules">Section 3.7, “Conflicting Modules”</a>.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845923"></a>4.18. <span class="errortext">Cannot initialize cryptoshell</span>
but OpenSSL path is correct</h3></div></div><div></div></div><p>
If you get an error message that OpenCA cannot initialize the
***************
*** 314,318 ****
daemons. This behaviour is a must to avoid implicit killed daemons
if you try to start your daemon twice.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845922"></a>4.19. Emailaddress in subjectAltName but not in CA subject</h3></div></div><div></div></div><p>
How can one create a CA certificate so that the DN does not
contain the email address, but the alternate name does? You
--- 314,318 ----
daemons. This behaviour is a must to avoid implicit killed daemons
if you try to start your daemon twice.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845960"></a>4.19. Emailaddress in subjectAltName but not in CA subject</h3></div></div><div></div></div><p>
How can one create a CA certificate so that the DN does not
contain the email address, but the alternate name does? You
***************
*** 322,331 ****
emailaddress. Don"t add the emailaddress to the subject of the
new request.
! </p><div class="sidebar"><div class="example"><a name="id2845945"></a><p class="title"><b>Example E.16. emailaddress for subjectAltName in CA certs</b></p><pre class="programlisting">
subjectAltName=email:xyz@...
</pre></div></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2845961"></a>4.20. Missing environment variables from SSL</h3></div></div><div></div></div><p>
Sometimes users see the following error message:
! </p><div class="sidebar"><div class="example"><a name="id2845974"></a><p class="title"><b>Example E.17. Missing mod_ssl standard environment variables</b></p><pre class="programlisting">
General Error 6251043:
Aborting connection - you are using a too short symmetric keylength ().
--- 322,331 ----
emailaddress. Don"t add the emailaddress to the subject of the
new request.
! </p><div class="sidebar"><div class="example"><a name="id2845985"></a><p class="title"><b>Example E.17. emailaddress for subjectAltName in CA certs</b></p><pre class="programlisting">
subjectAltName=email:xyz@...
</pre></div></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846000"></a>4.20. Missing environment variables from SSL</h3></div></div><div></div></div><p>
Sometimes users see the following error message:
! </p><div class="sidebar"><div class="example"><a name="id2846014"></a><p class="title"><b>Example E.18. Missing mod_ssl standard environment variables</b></p><pre class="programlisting">
General Error 6251043:
Aborting connection - you are using a too short symmetric keylength ().
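Review bot: the context line in 4.19 has a double quote where an apostrophe belongs (Don"t add the emailaddress); fix it in the DocBook source while this file is being regenerated. The sample value "subjectAltName=email:xyz@..." is also cut off, so use a complete placeholder address there.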
***************
*** 343,355 ****
environment variables for SSL are not activated in your Apache.
You can confgure it like follows:
! </p><div class="sidebar"><div class="example"><a name="id2846012"></a><p class="title"><b>Example E.18. SSL environment variable configuration for Apache</b></p><pre class="programlisting">
SSLOptions +StdEnvVars +ExportCertData
</pre></div></div><p>
Please NEVER set the required symmetric keylength to 0. This is
security hole.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846030"></a>4.21. Problems with the country name during PKCS#10 requests</h3></div></div><div></div></div><p>
Sometimes there are problems with PKCS#10 requests. OpenCA
displays an error messages like this one:
! </p><div class="sidebar"><div class="example"><a name="id2846045"></a><p class="title"><b>Example E.19. </b></p><pre class="programlisting">
Error 700
General Error. Your request has to include C=.."
--- 343,355 ----
environment variables for SSL are not activated in your Apache.
You can confgure it like follows:
! </p><div class="sidebar"><div class="example"><a name="id2846052"></a><p class="title"><b>Example E.19. SSL environment variable configuration for Apache</b></p><pre class="programlisting">
SSLOptions +StdEnvVars +ExportCertData
</pre></div></div><p>
Please NEVER set the required symmetric keylength to 0. This is
security hole.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846069"></a>4.21. Problems with the country name during PKCS#10 requests</h3></div></div><div></div></div><p>
Sometimes there are problems with PKCS#10 requests. OpenCA
displays an error messages like this one:
! </p><div class="sidebar"><div class="example"><a name="id2846084"></a><p class="title"><b>Example E.20. </b></p><pre class="programlisting">
Error 700
General Error. Your request has to include C=.."
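Review bot: the example in 4.21 still has an empty caption after renumbering ("Example E.20. " with nothing after the number); give it a title in the DocBook source, for instance one that names the missing country code in the PKCS#10 request. In the same hunk, "confgure" and "This is security hole" need correcting, the quoted error text ends with a stray double quote, and the warning never to set the required symmetric keylength to 0 should name the option and the file where that value is configured.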
Index: apes05.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/apes05.html,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -C2 -d -r1.24 -r1.24.2.1
*** apes05.html 7 Sep 2004 14:19:02 -0000 1.24
--- apes05.html 27 Sep 2004 13:38:23 -0000 1.24.2.1
***************
*** 1,3 ****
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>5. Access Control problems</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes04.html" title="4. Configuration Issues"><link rel="next" href="apes06.html" title="6. Dataexchange"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">5. Access Control problems</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes04.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes06.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2846072"></a>5. Access Control problems</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846083"></a>5.1. Always get a login screen - again and again</h3></div></div><div></div></div><p>
You try to login with correct login and password. The result are
one or two frames with the login screen again.
--- 1,3 ----
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>5. Access Control problems</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes04.html" title="4. Configuration Issues"><link rel="next" href="apes06.html" title="6. Dataexchange"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">5. Access Control problems</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes04.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes06.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2846112"></a>5. Access Control problems</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846122"></a>5.1. Always get a login screen - again and again</h3></div></div><div></div></div><p>
You try to login with correct login and password. The result are
one or two frames with the login screen again.
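Review bot: The only difference on the "!" line is the generated anchor names (id2846072 becomes id2846112, id2846083 becomes id2846122), so every existing link or bookmark to apes05.html#id2846083 breaks with this regeneration. Set explicit id attributes on the sect1 and sect2 elements in the DocBook source so the stylesheet emits stable anchors and a FAQ addition in another file does not rewrite this page.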
***************
*** 12,32 ****
from CPAN or you install OpenCA again. If OpenCA cannot find this
module then it installs an actual version by itself.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846118"></a>5.2. Error 6251023: Aborting connection - you are using a wrong channel</h3></div></div><div></div></div><p>
This error message happens if you are using an apache without
mod_ssl but you specified <tt class="constant">mod_ssl</tt> in
your access control configuration.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846139"></a>5.3. Error 6251026: Aborting connection - you are using a wrong security protocol</h3></div></div><div></div></div><p>
This happens if the configuration requires
<tt class="constant">ssl</tt> but you are using http to access the interface.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846160"></a>5.4. Error 6251029: Aborting connection - you are using the wrong computer</h3></div></div><div></div></div><p>
The access to the interface is only allowed for some computers
with special IP addresses and you have not a computer with one
of these special addresses.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846178"></a>5.5. Error 6251033: Aborting connection - you are using a wrong asymmetric cipher</h3></div></div><div></div></div><p>
There is a problem with the algorithms which mod_ssl and your
browser are using. The configuration tries to enforce some
special algorithms for security reasons. Please contact your
administrators for more informations.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846198"></a>5.6. Error 6251036: Aborting connection - you are using a too short asymmetric keylength</h3></div></div><div></div></div><p>
The keylength of your certificate is too short if you are using
a certificate. If you don't use a certificate then the Apache
--- 12,32 ----
from CPAN or you install OpenCA again. If OpenCA cannot find this
module then it installs an actual version by itself.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846158"></a>5.2. Error 6251023: Aborting connection - you are using a wrong channel</h3></div></div><div></div></div><p>
This error message happens if you are using an apache without
mod_ssl but you specified <tt class="constant">mod_ssl</tt> in
your access control configuration.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846179"></a>5.3. Error 6251026: Aborting connection - you are using a wrong security protocol</h3></div></div><div></div></div><p>
This happens if the configuration requires
<tt class="constant">ssl</tt> but you are using http to access the interface.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846200"></a>5.4. Error 6251029: Aborting connection - you are using the wrong computer</h3></div></div><div></div></div><p>
The access to the interface is only allowed for some computers
with special IP addresses and you have not a computer with one
of these special addresses.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846218"></a>5.5. Error 6251033: Aborting connection - you are using a wrong asymmetric cipher</h3></div></div><div></div></div><p>
There is a problem with the algorithms which mod_ssl and your
browser are using. The configuration tries to enforce some
special algorithms for security reasons. Please contact your
administrators for more informations.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846237"></a>5.6. Error 6251036: Aborting connection - you are using a too short asymmetric keylength</h3></div></div><div></div></div><p>
The keylength of your certificate is too short if you are using
a certificate. If you don't use a certificate then the Apache
***************
*** 34,43 ****
keys. Please contact your local administrators to find out more
details.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846218"></a>5.7. Error 6251039: Aborting connection - you are using a wrong symmetric cipher</h3></div></div><div></div></div><p>
There is a problem with the algorithms which mod_ssl and your
browser are using. The configuration tries to enforce some
special algorithms for security reasons. Please contact your
administrators for more informations.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846238"></a>5.8. Error 6251043: Aborting connection - you are using a too short symmetric keylength</h3></div></div><div></div></div><p>
If your browser startis a connection to webserver via https then
the two software components try to negotiate about the
--- 34,43 ----
keys. Please contact your local administrators to find out more
details.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846258"></a>5.7. Error 6251039: Aborting connection - you are using a wrong symmetric cipher</h3></div></div><div></div></div><p>
There is a problem with the algorithms which mod_ssl and your
browser are using. The configuration tries to enforce some
special algorithms for security reasons. Please contact your
administrators for more informations.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846278"></a>5.8. Error 6251043: Aborting connection - you are using a too short symmetric keylength</h3></div></div><div></div></div><p>
If your browser startis a connection to webserver via https then
the two software components try to negotiate about the
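Review bot: Anchor id2846218 is reassigned rather than retired: the old side of this hunk has it on 5.7 (wrong symmetric cipher), while the new side of the previous hunk puts it on 5.5 (wrong asymmetric cipher). An existing link to apes05.html#id2846218 will still resolve but land on the wrong error explanation, which is harder to notice than a dead link when someone is troubleshooting an access control failure. Explicit ids in the source, for example ones keyed on the error numbers 6251033 and 6251039, would prevent this.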
Index: apes06.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/apes06.html,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -C2 -d -r1.24 -r1.24.2.1
*** apes06.html 7 Sep 2004 14:19:02 -0000 1.24
--- apes06.html 27 Sep 2004 13:38:23 -0000 1.24.2.1
***************
*** 1,3 ****
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>6. Dataexchange</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes05.html" title="5. Access Control problems"><link rel="next" href="apes07.html" title="7. LDAP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6. Dataexchange</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes05.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes07.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2846266"></a>6. Dataexchange</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846276"></a>6.1. I try to export something but I get error 512
“<span class="quote">permission denied</span>” for
<tt class="filename">/dev/fd0</tt></h3></div></div><div></div></div><p>
--- 1,3 ----
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>6. Dataexchange</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes05.html" title="5. Access Control problems"><link rel="next" href="apes07.html" title="7. LDAP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6. Dataexchange</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes05.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes07.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2846306"></a>6. Dataexchange</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846316"></a>6.1. I try to export something but I get error 512
“<span class="quote">permission denied</span>” for
<tt class="filename">/dev/fd0</tt></h3></div></div><div></div></div><p>
***************
*** 58,62 ****
after these operations.
</p></li></ol></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846427"></a>6.2. I try to import the CA certificate but it doesn't work.</h3></div></div><div></div></div><p>
Do you see the following during the import:
</p><pre class="programlisting">
--- 58,62 ----
after these operations.
</p></li></ol></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846459"></a>6.2. I try to import the CA certificate but it doesn't work.</h3></div></div><div></div></div><p>
Do you see the following during the import:
</p><pre class="programlisting">
***************
*** 96,100 ****
configuration files. It should contain at minimum
<i class="parameter"><tt>VALID</tt></i>.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846488"></a>6.3. I crashed the database of the online server and now I want
to import all data again. How can I do it?
</h3></div></div><div></div></div><p>
--- 96,100 ----
configuration files. It should contain at minimum
<i class="parameter"><tt>VALID</tt></i>.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846520"></a>6.3. I crashed the database of the online server and now I want
to import all data again. How can I do it?
</h3></div></div><div></div></div><p>
***************
*** 106,113 ****
be exported again. It is the same technology like for the
creation of a new node interface.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846520"></a>6.4. I try to export the requests to the CA but it doesn't work
</h3></div></div><div></div></div><p>Usually the log from the export shows no requests or looks
like this:
! </p><div class="example"><a name="id2846534"></a><p class="title"><b>Example E.20. Failed request upload</b></p><pre class="programlisting">
Exporting _REQUEST ...
--- 106,113 ----
be exported again. It is the same technology like for the
creation of a new node interface.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846552"></a>6.4. I try to export the requests to the CA but it doesn't work
</h3></div></div><div></div></div><p>Usually the log from the export shows no requests or looks
like this:
! </p><div class="example"><a name="id2846566"></a><p class="title"><b>Example E.21. Failed request upload</b></p><pre class="programlisting">
Exporting _REQUEST ...
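Review bot: "Failed request upload" is renumbered from Example E.20 to Example E.21 on the last "!" line, so anything that cites the example by number now points at a different example. Check the guide for hard-coded "Example E.20" references and replace them with xref links to the example's id, so the numbering can shift when examples are inserted earlier in the appendix.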
Index: apes07.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/apes07.html,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -C2 -d -r1.24 -r1.24.2.1
*** apes07.html 7 Sep 2004 14:19:02 -0000 1.24
--- apes07.html 27 Sep 2004 13:38:23 -0000 1.24.2.1
***************
*** 1,8 ****
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>7. LDAP</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes06.html" title="6. Dataexchange"><link rel="next" href="apes08.html" title="8. Internationalization"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">7. LDAP</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes06.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes08.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2846585"></a>7. LDAP</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846595"></a>7.1. Errormessage: Connection refused.</h3></div></div><div></div></div><p>
This occurs if OpenCA cannot make a connection to the LDAP
directory. Make sure that the ldap server is running and is
listening on the correct port. Make sure that the settings in
<tt class="filename">ldap.xml</tt> match your ldap server settings.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846618"></a>7.2. Errormessage: Bind failed. Errorcode 49.</h3></div></div><div></div></div><p>
A connection has been made to the ldap server, but the
credentials to log into the server as admin are wrong. The bind
--- 1,8 ----
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>7. LDAP</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes06.html" title="6. Dataexchange"><link rel="next" href="apes08.html" title="8. Internationalization"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">7. LDAP</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes06.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="apes08.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2846618"></a>7. LDAP</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846628"></a>7.1. Errormessage: Connection refused.</h3></div></div><div></div></div><p>
This occurs if OpenCA cannot make a connection to the LDAP
directory. Make sure that the ldap server is running and is
listening on the correct port. Make sure that the settings in
<tt class="filename">ldap.xml</tt> match your ldap server settings.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846649"></a>7.2. Errormessage: Bind failed. Errorcode 49.</h3></div></div><div></div></div><p>
A connection has been made to the ldap server, but the
credentials to log into the server as admin are wrong. The bind
***************
*** 11,15 ****
and <tt class="option">passwd</tt> (the password of the ldap
administrator).
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846645"></a>7.3. The resultcode of the nodeinsertion was 65.</h3></div></div><div></div></div><p>
This sometimes means that OpenCA could not insert the
appropriate entry for a certificate (the exact definition is
--- 11,15 ----
and <tt class="option">passwd</tt> (the password of the ldap
administrator).
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846677"></a>7.3. The resultcode of the nodeinsertion was 65.</h3></div></div><div></div></div><p>
This sometimes means that OpenCA could not insert the
appropriate entry for a certificate (the exact definition is
***************
*** 18,27 ****
(core, cosine, inetorperson and openca). They are usually
specified in <tt class="filename">slapd.conf</tt>.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846674"></a>7.4. How can I get more debugging messages from OpenCA's LDAP code?</h3></div></div><div></div></div><p>
You can get more debugging informations by turning on debugging
in <tt class="filename">OPENCADIR/etc/ldap.xml</tt>
(i.e. <tt class="option"><debug>1</debug></tt>). The
most functions support this paramter.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846700"></a>7.5. How can I get more debugging messages from OpenLDAP?</h3></div></div><div></div></div><p>
The logging messages of OpenLDAP are sent to syslogd. OpenLDAP
uses the facility local4. You can find the files which contain
--- 18,27 ----
(core, cosine, inetorperson and openca). They are usually
specified in <tt class="filename">slapd.conf</tt>.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846706"></a>7.4. How can I get more debugging messages from OpenCA's LDAP code?</h3></div></div><div></div></div><p>
You can get more debugging informations by turning on debugging
in <tt class="filename">OPENCADIR/etc/ldap.xml</tt>
(i.e. <tt class="option"><debug>1</debug></tt>). The
most functions support this paramter.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846732"></a>7.5. How can I get more debugging messages from OpenLDAP?</h3></div></div><div></div></div><p>
The logging messages of OpenLDAP are sent to syslogd. OpenLDAP
uses the facility local4. You can find the files which contain
Index: apes08.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/apes08.html,v
retrieving revision 1.23
retrieving revision 1.23.2.1
diff -C2 -d -r1.23 -r1.23.2.1
*** apes08.html 7 Sep 2004 14:19:02 -0000 1.23
--- apes08.html 27 Sep 2004 13:38:23 -0000 1.23.2.1
***************
*** 1,5 ****
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>8. Internationalization</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes07.html" title="7. LDAP"><link rel="next" href="bi01.html" title="Bibliography"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">8. Internationalization</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes07.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="bi01.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2846754"></a>8. Internationalization</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846763"></a>8.1. How can I fix a misspelling for a language?</h3></div></div><div></div></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846775"></a>8.2. How can I add a new langiage?</h3></div></div><div></div></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846788"></a>8.3. The compilation/make fails on the Perl module gettext</h3></div></div><div></div></div><p>
Sometimes there are problems with the compilation of the Perl module
<span class="application">gettext</span>. The most common problem is a loader
--- 1,5 ----
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>8. Internationalization</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="ape.html" title="Appendix E. FAQ"><link rel="previous" href="apes07.html" title="7. LDAP"><link rel="next" href="bi01.html" title="Bibliography"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">8. Internationalization</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes07.html">Prev</a> </td><th width="60%" align="center">Appendix E. FAQ</th><td width="20%" align="right"> <a accesskey="n" href="bi01.html">Next</a></td></tr></table><hr></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2846786"></a>8. Internationalization</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846796"></a>8.1. How can I fix a misspelling for a language?</h3></div></div><div></div></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846808"></a>8.2. How can I add a new langiage?</h3></div></div><div></div></div><p>
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2846821"></a>8.3. The compilation/make fails on the Perl module gettext</h3></div></div><div></div></div><p>
Sometimes there are problems with the compilation of the Perl module
<span class="application">gettext</span>. The most common problem is a loader
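Review bot: The 8.2 heading on the regenerated "!" line still reads "How can I add a new langiage?", and both 8.1 and 8.2 consist of a heading followed by an empty paragraph. Correct the spelling to "language" in the DocBook source, and either write the two answers or leave the entries out until there is text for them.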
Index: apf.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/apf.html,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -C2 -d -r1.9 -r1.9.2.1
*** apf.html 7 Sep 2004 14:19:02 -0000 1.9
--- apf.html 27 Sep 2004 13:38:23 -0000 1.9.2.1
***************
*** 1,38 ****
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Appendix F. Strategy</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="previous" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Appendix F. Strategy</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> </td></tr></table><hr></div><div class="appendix" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="id2849007"></a>Appendix F. Strategy</h2></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt>1. <a href="apf.html#id2849024">The Strategy Behind OpenCA Development</a></dt><dd><dl><dt>1.1. <a href="apf.html#id2849031">Scalability</a></dt><dt>1.2. <a href="apf.html#id2849047">Command Line API to CA and RA Functions</a></dt><dt>1.3. <a href="apf.html#id2849069">Automation functions</a></dt><dt>1.4. <a href="apf.html#id2849085">On-line CA model option</a></dt><dt>1.5. <a href="apf.html#id2849123">High Risk Environment Mode</a></dt><dt>1.6. <a href="apf.html#id2849141">Audit logging</a></dt><dt>1.7. <a href="apf.html#id2849155">Script/environment validation</a></dt><dt>1.8. <a href="apf.html#id2849175">Automated CA Key rollover</a></dt><dt>1.9. <a href="apf.html#id2849192">Function to process signing and encryption keys in one go</a></dt><dt>1.10. <a href="apf.html#id2849218">Secure storage and recovery of encryption keys</a></dt><dt>1.11. 
<a href="apf.html#id2849232">Web based OpenCA configuration and management</a></dt><dt>1.12. <a href="apf.html#id2849248">Improved key lifecycle management</a></dt><dt>1.13. <a href="apf.html#id2849262">Authentication via a third party</a></dt><dt>1.14. <a href="apf.html#id2849278">Improved debugging support</a></dt><dt>1.15. <a href="apf.html#id2849295">Improved error handling</a></dt><dt>1.16. <a href="apf.html#id2849311">Accreditation</a></dt></dl></dd></dl></div><p>
This appendix gives an over view of the current strategic direction of the OpenCA development. As all things it is liable to change, but this is the current thinking.
! </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2849024"></a>1. The Strategy Behind OpenCA Development</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849031"></a>1.1. Scalability</h3></div></div><div></div></div><p>
A statement from the OpenCA team to say that for a given server and database environment what is the expected volume of certificates. This is important for users planning installations.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849047"></a>1.2. Command Line API to CA and RA Functions</h3></div></div><div></div></div><p>
This would allow for complex scripts to be written around the OpenCA environment, hopefully paving the way for future modifications. This would also lead to the posibility of XKMS, CMS, SOAP based clients.
</p><p>
This would inlcude a fully documented PERL API scripting interface.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849069"></a>1.3. Automation functions</h3></div></div><div></div></div><p>
Automation of regular operations like: CRL production, certificate signing. This is important in production environments where you do not want Operations staff to have to manually produce regular CRLs, etc.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849085"></a>1.4. On-line CA model option</h3></div></div><div></div></div><p>
To accommodate an on-line CA model. i.e. a user can request a certificate and in the same session get the requested cert back. This can be used for "free email certs" or in closed user groups where only certain people have access to the public interface. It may be that this would only work with CA root key in hardware, or a special CA user logged on on a secure terminal to give the environment access to the CA password. In addition to this, the CA may keep a log of the number of times it was accessed.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849123"></a>1.5. High Risk Environment Mode</h3></div></div><div></div></div><p>
A high risk environment mode, which is based on a cd-rom or some similar write protected media, changeable configuration data and exchange data are hold on writeable media (like usb-based-hardware, maybe encryptable), and the ossupports something like se-linux or similar.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849141"></a>1.6. Audit logging</h3></div></div><div></div></div><p>
Audit of RA and CA operations to a tamper proof signed log. This is possibly a requirement to achive any form of accreditiation.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849155"></a>1.7. Script/environment validation</h3></div></div><div></div></div><p>
A function that ensures OpenCA is running in a "known" environment. Perhaps md5 signature creation (after installation) and run time validation.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849175"></a>1.8. Automated CA Key rollover</h3></div></div><div></div></div><p>
When reaching the end of the CA certificate lifetime, there is a certain point after which no usable end entity certificates can be issued whose desired validity *fully* fits into the CA certificates validity.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849192"></a>1.9. Function to process signing and encryption keys in one go</h3></div></div><div></div></div><p>
OpenCA could introduce the idea of "certificate profiles" where a user "requests" once but gets a "Profile" of certificate types". Secure storage and recovery of encryption keys would be part of this mechanism. The start of this is in the
new Batch processes in the form of the "Process".
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849218"></a>1.10. Secure storage and recovery of encryption keys</h3></div></div><div></div></div><p>
A function to provide (optional) key backup and recovery.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849232"></a>1.11. Web based OpenCA configuration and management</h3></div></div><div></div></div><p>
Enhancing the existing management screens to allow management of certificate roles and extensions, access control settings and node management i.e. a front end to the OpenSSL config files.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849248"></a>1.12. Improved key lifecycle management</h3></div></div><div></div></div><p>
Screens to allow users to renew their certificates, modify DN's etc.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849262"></a>1.13. Authentication via a third party</h3></div></div><div></div></div><p>
The ability to allow a user to request a certificate and authenticate themselves the authentication token is then checked against an independent directory.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849278"></a>1.14. Improved debugging support</h3></div></div><div></div></div><p>
I frequently get lost in the system when trying to debug things, often I wonder what functions get executed by OpenCA, the CGI system seems very opaque to me (and I consider myself an experienced Perl hacker)
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849295"></a>1.15. Improved error handling</h3></div></div><div></div></div><p>
I have seen OpenCA report crude error messages on seemingly harmless error conditions. When checking the code it was often something like an uninitialized variable that was used to call a method on.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849311"></a>1.16. Accreditation</h3></div></div><div></div></div><p>
Achieve Common Criteria/FIPS accreditation ! This is a long way off, but with OpenSSL being pushed through, then it may be possible !!!
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> </td></tr><tr><td width="40%" align="left" valign="top">Glossary </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> </td></tr></table></div></body></html>
--- 1,38 ----
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Appendix F. Strategy</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="previous" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Appendix F. Strategy</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> </td></tr></table><hr></div><div class="appendix" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="id2849040"></a>Appendix F. Strategy</h2></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt>1. <a href="apf.html#id2849058">The Strategy Behind OpenCA Development</a></dt><dd><dl><dt>1.1. <a href="apf.html#id2849065">Scalability</a></dt><dt>1.2. <a href="apf.html#id2849080">Command Line API to CA and RA Functions</a></dt><dt>1.3. <a href="apf.html#id2849102">Automation functions</a></dt><dt>1.4. <a href="apf.html#id2849118">On-line CA model option</a></dt><dt>1.5. <a href="apf.html#id2849156">High Risk Environment Mode</a></dt><dt>1.6. <a href="apf.html#id2849174">Audit logging</a></dt><dt>1.7. <a href="apf.html#id2849188">Script/environment validation</a></dt><dt>1.8. <a href="apf.html#id2849208">Automated CA Key rollover</a></dt><dt>1.9. <a href="apf.html#id2849225">Function to process signing and encryption keys in one go</a></dt><dt>1.10. <a href="apf.html#id2849251">Secure storage and recovery of encryption keys</a></dt><dt>1.11. 
<a href="apf.html#id2849264">Web based OpenCA configuration and management</a></dt><dt>1.12. <a href="apf.html#id2849281">Improved key lifecycle management</a></dt><dt>1.13. <a href="apf.html#id2849295">Authentication via a third party</a></dt><dt>1.14. <a href="apf.html#id2849311">Improved debugging support</a></dt><dt>1.15. <a href="apf.html#id2849328">Improved error handling</a></dt><dt>1.16. <a href="apf.html#id2849344">Accreditation</a></dt></dl></dd></dl></div><p>
This appendix gives an over view of the current strategic direction of the OpenCA development. As all things it is liable to change, but this is the current thinking.
! </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2849058"></a>1. The Strategy Behind OpenCA Development</h2></div></div><div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849065"></a>1.1. Scalability</h3></div></div><div></div></div><p>
A statement from the OpenCA team to say that for a given server and database environment what is the expected volume of certificates. This is important for users planning installations.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849080"></a>1.2. Command Line API to CA and RA Functions</h3></div></div><div></div></div><p>
This would allow for complex scripts to be written around the OpenCA environment, hopefully paving the way for future modifications. This would also lead to the posibility of XKMS, CMS, SOAP based clients.
</p><p>
This would inlcude a fully documented PERL API scripting interface.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849102"></a>1.3. Automation functions</h3></div></div><div></div></div><p>
Automation of regular operations like: CRL production, certificate signing. This is important in production environments where you do not want Operations staff to have to manually produce regular CRLs, etc.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849118"></a>1.4. On-line CA model option</h3></div></div><div></div></div><p>
To accommodate an on-line CA model. i.e. a user can request a certificate and in the same session get the requested cert back. This can be used for "free email certs" or in closed user groups where only certain people have access to the public interface. It may be that this would only work with CA root key in hardware, or a special CA user logged on on a secure terminal to give the environment access to the CA password. In addition to this, the CA may keep a log of the number of times it was accessed.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849156"></a>1.5. High Risk Environment Mode</h3></div></div><div></div></div><p>
A high risk environment mode, which is based on a cd-rom or some similar write protected media, changeable configuration data and exchange data are hold on writeable media (like usb-based-hardware, maybe encryptable), and the ossupports something like se-linux or similar.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849174"></a>1.6. Audit logging</h3></div></div><div></div></div><p>
Audit of RA and CA operations to a tamper proof signed log. This is possibly a requirement to achive any form of accreditiation.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849188"></a>1.7. Script/environment validation</h3></div></div><div></div></div><p>
A function that ensures OpenCA is running in a "known" environment. Perhaps md5 signature creation (after installation) and run time validation.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849208"></a>1.8. Automated CA Key rollover</h3></div></div><div></div></div><p>
When reaching the end of the CA certificate lifetime, there is a certain point after which no usable end entity certificates can be issued whose desired validity *fully* fits into the CA certificates validity.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849225"></a>1.9. Function to process signing and encryption keys in one go</h3></div></div><div></div></div><p>
OpenCA could introduce the idea of "certificate profiles" where a user "requests" once but gets a "Profile" of certificate types". Secure storage and recovery of encryption keys would be part of this mechanism. The start of this is in the
new Batch processes in the form of the "Process".
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849251"></a>1.10. Secure storage and recovery of encryption keys</h3></div></div><div></div></div><p>
A function to provide (optional) key backup and recovery.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849264"></a>1.11. Web based OpenCA configuration and management</h3></div></div><div></div></div><p>
Enhancing the existing management screens to allow management of certificate roles and extensions, access control settings and node management i.e. a front end to the OpenSSL config files.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849281"></a>1.12. Improved key lifecycle management</h3></div></div><div></div></div><p>
Screens to allow users to renew their certificates, modify DN's etc.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849295"></a>1.13. Authentication via a third party</h3></div></div><div></div></div><p>
The ability to allow a user to request a certificate and authenticate themselves the authentication token is then checked against an independent directory.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849311"></a>1.14. Improved debugging support</h3></div></div><div></div></div><p>
I frequently get lost in the system when trying to debug things, often I wonder what functions get executed by OpenCA, the CGI system seems very opaque to me (and I consider myself an experienced Perl hacker)
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849328"></a>1.15. Improved error handling</h3></div></div><div></div></div><p>
I have seen OpenCA report crude error messages on seemingly harmless error conditions. When checking the code it was often something like an uninitialized variable that was used to call a method on.
! </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2849344"></a>1.16. Accreditation</h3></div></div><div></div></div><p>
Achieve Common Criteria/FIPS accreditation ! This is a long way off, but with OpenSSL being pushed through, then it may be possible !!!
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"> </td></tr><tr><td width="40%" align="left" valign="top">Glossary </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> </td></tr></table></div></body></html>
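Review bot: the section anchors on the new side of this apf.html hunk are generated names that shift on every rebuild, and some old names are reused for different sections. On the old side id2849311 is 1.16 Accreditation and id2849295 is 1.15 Improved error handling; on the new side the same names belong to 1.14 Improved debugging support and 1.13 Authentication via a third party. An existing deep link therefore still resolves, but to the wrong section. None of the Appendix F text differs between the two sides, and the log message (bug #1031096, country code FAQ entry) does not concern this file. Give each section an explicit id in the DocBook source, as is already done for anchors such as faq_duplicate_module and unknown_login_type in the index.html table of contents, or stop versioning the generated HTML. Since the page is being regenerated anyway, the unchanged context lines still carry spelling errors that should be fixed in the source: "posibility", "inlcude", "ossupports", "achive", "accreditiation".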
Index: bi01.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/bi01.html,v
retrieving revision 1.45
retrieving revision 1.45.2.1
diff -C2 -d -r1.45 -r1.45.2.1
*** bi01.html 7 Sep 2004 14:19:02 -0000 1.45
--- bi01.html 27 Sep 2004 13:38:23 -0000 1.45.2.1
***************
*** 1,3 ****
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Bibliography</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="previous" href="apes08.html" title="8. Internationalization"><link rel="next" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Bibliography</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes08.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="go01.html">Next</a></td></tr></table><hr></div><div class="bibliography"><div class="titlepage"><div><div><h2 class="title"><a name="id2846931"></a>Bibliography</h2></div></div><div></div></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.openssl.org" target="_top">OpenSSL's webpage</a></i>. </span><span class="corpname">OpenSSL project. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.openca.org" target="_top">OpenCA's webpage</a></i>. </span><span class="corpname">OpenCA project. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.ietf.org/html.charters/pkix-charter.html" target="_top">PKIX</a></i>. </span><span class="corpname">IETF. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.ietf.org/rfc/rfc2246.txt" target="_top">RFC 2246</a>
The TLS Protocol Version 1.0</i>. </span><span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Dierks</span> and <span class="firstname">C.</span> <span class="surname">Allen</span>. </span><span class="corpname">IETF. </span><span class="date">January 1999. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.ietf.org/rfc/rfc2253.txt" target="_top">RFC 2253</a> LDAP -
UTF-8 String Representation of Distinguished Names</i>. </span><span class="corpname">IETF. </span><span class="date">December 1997. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.ietf.org/rfc/rfc2311.txt" target="_top">RFC 2311</a> S/MIME:
--- 1,3 ----
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Bibliography</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="previous" href="apes08.html" title="8. Internationalization"><link rel="next" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Bibliography</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apes08.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="go01.html">Next</a></td></tr></table><hr></div><div class="bibliography"><div class="titlepage"><div><div><h2 class="title"><a name="id2846964"></a>Bibliography</h2></div></div><div></div></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.openssl.org" target="_top">OpenSSL's webpage</a></i>. </span><span class="corpname">OpenSSL project. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.openca.org" target="_top">OpenCA's webpage</a></i>. </span><span class="corpname">OpenCA project. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.ietf.org/html.charters/pkix-charter.html" target="_top">PKIX</a></i>. </span><span class="corpname">IETF. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.ietf.org/rfc/rfc2246.txt" target="_top">RFC 2246</a>
The TLS Protocol Version 1.0</i>. </span><span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Dierks</span> and <span class="firstname">C.</span> <span class="surname">Allen</span>. </span><span class="corpname">IETF. </span><span class="date">January 1999. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.ietf.org/rfc/rfc2253.txt" target="_top">RFC 2253</a> LDAP -
UTF-8 String Representation of Distinguished Names</i>. </span><span class="corpname">IETF. </span><span class="date">December 1997. </span></p></div><div class="biblioentry"><p><span class="title"><i><a href="http://www.ietf.org/rfc/rfc2311.txt" target="_top">RFC 2311</a> S/MIME:
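Review bot: the RFC 2253 entry in the regenerated first line of bi01.html has no author group, while the RFC 2246 entry next to it names T. Dierks and C. Allen; add the authors in the DocBook source so the entries are consistent. The only difference between the old and new sides of this hunk is the anchor on the Bibliography heading (id2846931 becomes id2846964). Because the document head, navigation header and the first bibliography entries all sit on that one line, this one-token change reissues the whole line and is hard to spot in review.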
Index: go01.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/go01.html,v
retrieving revision 1.44
retrieving revision 1.44.2.1
diff -C2 -d -r1.44 -r1.44.2.1
*** go01.html 7 Sep 2004 14:19:05 -0000 1.44
--- go01.html 27 Sep 2004 13:38:23 -0000 1.44.2.1
***************
*** 1,3 ****
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Glossary</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="previous" href="bi01.html" title="Bibliography"><link rel="next" href="apf.html" title="Appendix F. Strategy"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Glossary</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="bi01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="apf.html">Next</a></td></tr></table><hr></div><div class="glossary"><div class="titlepage"><div><div><h2 class="title"><a name="id2848395"></a>Glossary</h2></div></div><div></div></div><dl><dt><a name="glossary_MS_ADS"></a>ADS</dt><dd><p>
Active Directory Services
</p></dd><dt><a name="glossary_CA"></a>CA</dt><dd><p>Certification Authority</p></dd><dt><a name="glossary_CRL"></a>CRL</dt><dd><p>Certificate Revocation List</p></dd><dt><a name="glossary_CRR"></a>CRR</dt><dd><p>Certificate Revocation Request</p></dd><dt><a name="glossary_CSR"></a>CSR</dt><dd><p>Certificate Signing Request</p></dd><dt><a name="glossary_DMZ"></a>DMZ</dt><dd><p>
--- 1,3 ----
! <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Glossary</title><link rel="stylesheet" href="default.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.61.3"><link rel="home" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="up" href="index.html" title="OpenCA Guide for Versions 0.9.2+"><link rel="previous" href="bi01.html" title="Bibliography"><link rel="next" href="apf.html" title="Appendix F. Strategy"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Glossary</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="bi01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="apf.html">Next</a></td></tr></table><hr></div><div class="glossary"><div class="titlepage"><div><div><h2 class="title"><a name="id2848429"></a>Glossary</h2></div></div><div></div></div><dl><dt><a name="glossary_MS_ADS"></a>ADS</dt><dd><p>
Active Directory Services
</p></dd><dt><a name="glossary_CA"></a>CA</dt><dd><p>Certification Authority</p></dd><dt><a name="glossary_CRL"></a>CRL</dt><dd><p>Certificate Revocation List</p></dd><dt><a name="glossary_CRR"></a>CRR</dt><dd><p>Certificate Revocation Request</p></dd><dt><a name="glossary_CSR"></a>CSR</dt><dd><p>Certificate Signing Request</p></dd><dt><a name="glossary_DMZ"></a>DMZ</dt><dd><p>
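Review bot: the Glossary heading on the changed line of go01.html uses a generated anchor (id2848395 on the old side, id2848429 on the new), while every entry below it has a stable hand-assigned name such as glossary_MS_ADS, glossary_CA or glossary_CRL. Put an explicit id on the glossary element in the source, following the same naming scheme, so that this file no longer changes when unrelated chapters are edited.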
Index: index.html
===================================================================
RCS file: /cvsroot/openca/openca-0.9/docs/guide/html_chunked/index.html,v
retrieving revision 1.47
retrieving revision 1.47.2.1
diff -C2 -d -r1.47 -r1.47.2.1
*** index.html 7 Sep 2004 14:19:05 -0000 1.47
--- index.html 27 Sep 2004 13:38:23 -0000 1.47.2.1
***************
*** 10,32 ****
environment is not setted</a></dt><dt>2.6. <a href="apes02.html#id2843312">What do the new features of 0.9.2 be?</a></dt><dt>2.7. <a href="apes02.html#id2843421">I try to approve and sign a request with Mozilla and it fails.</a></dt><dt>2.8. <a href="apes02.html#id2843472">I try to approve and sign a request with Konqueror (KDE) and it fails.</a></dt><dt>2.9. <a href="apes02.html#id2843489">How is the format of the disc to import the CA certificate
from the root CA?</a></dt><dt>2.10. <a href="apes02.html#id2843506">OpenSSL reports
! entry 1: invalid expiry date</a></dt><dt>2.11. <a href="apes02.html#id2843543">Outlook cannot encrypt mail with imported certificate</a></dt><dt>2.12. <a href="apes02.html#id2843565">My Outlook freezes after I received a signed email</a></dt><dt>2.13. <a href="apes02.html#id2843587">General Error 6751 during certificate issuing</a></dt><dt>2.14. <a href="apes02.html#id2843693">What does I have to do if I create a new release?</a></dt><dt>2.15. <a href="apes02.html#id2843872">How can I configure Mozilla for OCSP?</a></dt></dl></dd><dt>3. <a href="apes03.html">Installation Issues</a></dt><dd><dl><dt>3.1. <a href="apes03.html#id2843927">FreeBSD and OpenCA</a></dt><dt>3.2. <a href="apes03.html#id2844098">Solaris and OpenCA</a></dt><dt>3.3. <a href="apes03.html#id2844167">What is a hierarchy level?</a></dt><dt>3.4. <a href="apes03.html#id2844264">Undefined subroutine &main::xyz</a></dt><dt>3.5. <a href="apes03.html#id2844335">Symbolic link installaton failed</a></dt><dt>3.6. <a href="apes03.html#id2844380">After the installation all common parts are missing</a></dt><dt>3.7. <a href="apes03.html#faq_duplicate_module">Conflicting Modules</a></dt><dt>3.8. <a href="apes03.html#id2844489">The xml path to the access control is missing</a></dt><dt>3.9. <a href="apes03.html#unknown_login_type">Unknown Login Type</a></dt><dt>3.10. <a href="apes03.html#id2844593">Type Mismatch during request
! generation with Internet Explorer</a></dt><dt>3.11. <a href="apes03.html#faq_openca_start_failed">openca(_rc) start failed</a></dt><dt>3.12. <a href="apes03.html#id2844690">Missing modules</a></dt></dl></dd><dt>4. <a href="apes04.html">Configuration Issues</a></dt><dd><dl><dt>4.1. <a href="apes04.html#id2844854">How can I configure my httpd.conf for virtual hosts?</a></dt><dt>4.2. <a href="apes04.html#id2844912">How can I configure virtual hosts with ./configure?</a></dt><dt>4.3. <a href="apes04.html#id2844955">I have some users which should not be published in LDAP.
! Does it be possible with OpenCA?</a></dt><dt>4.4. <a href="apes04.html#id2844979">Does it be possible to authenticate users by their
certificates at the apache before they will be authenticated by
! OpenCA itself?</a></dt><dt>4.5. <a href="apes04.html#id2845053">I want to update my 0.9.2 installation.
! Is this dangerous?</a></dt><dt>4.6. <a href="apes04.html#id2845094">I want update to 0.9.2. How can I update my sql database?</a></dt><dt>4.7. <a href="apes04.html#id2845335">If I run openca-ocspd then I obtain a segmentation fault.</a></dt><dt>4.8. <a href="apes04.html#id2845384">I installed a second public interface, run configure_etc.sh and
! now are all the paths in the other public interface wrong.</a></dt><dt>4.9. <a href="apes04.html#id2845429">I issue a certificate for a mailserver but sendmail doesn't work
and reports an errormessage which includes
reason=unsupported certificate purpose
! </a></dt><dt>4.10. <a href="apes04.html#id2845456">My (Microsoft) client hangs
! after it tries to start a secured connection</a></dt><dt>4.11. <a href="apes04.html#id2845527">Outlook freezes when receiving a signed Mail but worked
! already fine for some days</a></dt><dt>4.12. <a href="apes04.html#id2845551">During the request generation OpenCA fails and reports a too
! short textfield</a></dt><dt>4.13. <a href="apes04.html#id2845586">Can I place my organization's logo on the web interface?</a></dt><dt>4.14. <a href="apes04.html#id2845617">Cannot create new OpenCA tokenobject</a></dt><dt>4.15. <a href="apes04.html#id2845676">How can I use a Luna token with OpenCA 0.9.1</a></dt><dt>4.16. <a href="apes04.html#id2845750">How can I include a complete certificate chain into a PKCS#12 file?</a></dt><dt>4.17. <a href="apes04.html#id2845862">Unknown login type</a></dt><dt>4.18. <a href="apes04.html#id2845883">Cannot initialize cryptoshell
! but OpenSSL path is correct</a></dt><dt>4.19. <a href="apes04.html#id2845922">Emailaddress in subjectAltName but not in CA subject</a></dt><dt>4.20. <a href="apes04.html#id2845961">Missing environment variables from SSL</a></dt><dt>4.21. <a href="apes04.html#id2846030">Problems with the country name during PKCS#10 requests</a></dt></dl></dd><dt>5. <a href="apes05.html">Access Control problems</a></dt><dd><dl><dt>5.1. <a href="apes05.html#id2846083">Always get a login screen - again and again</a></dt><dt>5.2. <a href="apes05.html#id2846118">Error 6251023: Aborting connection - you are using a wrong channel</a></dt><dt>5.3. <a href="apes05.html#id2846139">Error 6251026: Aborting connection - you are using a wrong security protocol</a></dt><dt>5.4. <a href="apes05.html#id2846160">Error 6251029: Aborting connection - you are using the wrong computer</a></dt><dt>5.5. <a href="apes05.html#id2846178">Error 6251033: Aborting connection - you are using a wrong asymmetric cipher</a></dt><dt>5.6. <a href="apes05.html#id2846198">Error 6251036: Aborting connection - you are using a too short asymmetric keylength</a></dt><dt>5.7. <a href="apes05.html#id2846218">Error 6251039: Aborting connection - you are using a wrong symmetric cipher</a></dt><dt>5.8. <a href="apes05.html#id2846238">Error 6251043: Aborting connection - you are using a too short symmetric keylength</a></dt></dl></dd><dt>6. <a href="apes06.html">Dataexchange</a></dt><dd><dl><dt>6.1. <a href="apes06.html#id2846276">I try to export something but I get error 512
permission denied for
! /dev/fd0</a></dt><dt>6.2. <a href="apes06.html#id2846427">I try to import the CA certificate but it doesn't work.</a></dt><dt>6.3. <a href="apes06.html#id2846488">I crashed the database of the online server and now I want
to import all data again. How can I do it?
! </a></dt><dt>6.4. <a href="apes06.html#id2846520">I try to export the requests to the CA but it doesn't work
! </a></dt></dl></dd><dt>7. <a href="apes07.html">LDAP</a></dt><dd><dl><dt>7.1. <a href="apes07.html#id2846595">Errormessage: Connection refused.</a></dt><dt>7.2. <a href="apes07.html#id2846618">Errormessage: Bind failed. Errorcode 49.</a></dt><dt>7.3. <a href="apes07.html#id2846645">The resultcode of the nodeinsertion was 65.</a></dt><dt>7.4. <a href="apes07.html#id2846674">How can I get more debugging messages from OpenCA's LDAP code?</a></dt><dt>7.5. <a href="apes07.html#id2846700">How can I get more debugging messages from OpenLDAP?</a></dt></dl></dd><dt>8. <a href="apes08.html">Internationalization</a></dt><dd><dl><dt>8.1. <a href="apes08.html#id2846763">How can I fix a misspelling for a language?</a></dt><dt>8.2. <a href="apes08.html#id2846775">How can I add a new langiage?</a></dt><dt>8.3. <a href="apes08.html#id2846788">The compilation/make fails on the Perl module gettext</a></dt></dl></dd></dl></dd><dt><a href="bi01.html">Bibliography</a></dt><dt><a href="go01.html">Glossary</a></dt><dt>F. <a href="apf.html">Strategy</a></dt><dd><dl><dt>1. <a href="apf.html#id2849024">The Strategy Behind OpenCA Development</a></dt><dd><dl><dt>1.1. <a href="apf.html#id2849031">Scalability</a></dt><dt>1.2. <a href="apf.html#id2849047">Command Line API to CA and RA Functions</a></dt><dt>1.3. <a href="apf.html#id2849069">Automation functions</a></dt><dt>1.4. <a href="apf.html#id2849085">On-line CA model option</a></dt><dt>1.5. <a href="apf.html#id2849123">High Risk Environment Mode</a></dt><dt>1.6. <a href="apf.html#id2849141">Audit logging</a></dt><dt>1.7. <a href="apf.html#id2849155">Script/environment validation</a></dt><dt>1.8. <a href="apf.html#id2849175">Automated CA Key rollover</a></dt><dt>1.9. <a href="apf.html#id2849192">Function to process signing and encryption keys in one go</a></dt><dt>1.10. <a href="apf.html#id2849218">Secure storage and recovery of encryption keys</a></dt><dt>1.11. 
<a href="apf.html#id2849232">Web based OpenCA configuration and management</a></dt><dt>1.12. <a href="apf.html#id2849248">Improved key lifecycle management</a></dt><dt>1.13. <a href="apf.html#id2849262">Authentication via a third party</a></dt><dt>1.14. <a href="apf.html#id2849278">Improved debugging support</a></dt><dt>1.15. <a href="apf.html#id2849295">Improved error handling</a></dt><dt>1.16. <a href="apf.html#id2849311">Accreditation</a></dt></dl></dd></dl></dd></dl></div><div class="list-of-figures"><p><b>List of Figures</b></p><dl><dt>1.1. <a href="ch01.html#id2816412">Database oriented view</a></dt><dt>1.2. <a href="ch01.html#id2816962">Logical data view</a></dt><dt>1.3. <a href="ch01s02.html#id2817102">Complete technical overview</a></dt><dt>1.4. <a href="ch01s06.html#id2816825">Life cycle of objects</a></dt><dt>4.1. <a href="ch04.html#id2821779">Passes of the accesscontrol</a></dt><dt>4.2. <a href="ch04.html#id2822057">Passphrase based login</a></dt><dt>4.3. <a href="ch04s02.html#id2822972">Tokenconcept</a></dt><dt>6.1. <a href="ch06.html#id2831537">Phases of the CA initialization</a></dt><dt>6.2. <a href="ch06.html#id2831626">Phase I of the CA initialization</a></dt><dt>6.3. <a href="ch06.html#id2831971">Phase II of the CA initialization</a></dt><dt>6.4. <a href="ch06.html#id2832043">Phase III of the CA initialization</a></dt><dt>7.1. <a href="ch07.html#image_user_request_cert">Request a certificate</a></dt><dt>10.1. <a href="ch10.html#id2835559">Example cryptolayer with tokens</a></dt><dt>11.1. <a href="ch11.html#id2835810">Passes of the accesscontrol</a></dt><dt>11.2. <a href="ch11.html#id2835918">Channel verification</a></dt><dt>11.3. <a href="ch11.html#id2836024">Identification of the user</a></dt><dt>11.4. <a href="ch11.html#id2836129">Access control list</a></dt><dt>15.1. <a href="ch15s02.html#id2838106">LDAP source schema</a></dt></dl></div><div class="list-of-tables"><p><b>List of Tables</b></p><dl><dt>3.1. 
<a href="ch03.html#id2818827">External Perl modules</a></dt><dt>3.2. <a href="ch03s02.html#id2819389">Supported parameters for host configuration</a></dt><dt>4.1. <a href="ch04s04.html#id2825323">Additional attributes configuration</a></dt><dt>4.2. <a href="ch04s04.html#id2825760">Generic basic CSR configuration</a></dt><dt>4.3. <a href="ch04s05.html#id2826041">Common stuff configuration</a></dt><dt>15.1. <a href="ch15.html#id2837553">Schema usage</a></dt><dt>15.2. <a href="ch15.html#id2837930">Schema usage for user certificates</a></dt><dt>16.1. <a href="ch16s05.html#id2839026">Default OpenCA workflow</a></dt><dt>16.2. <a href="ch16s07.html#id2839411">1000 User test</a></dt><dt>E.1. <a href="apes04.html#id2845204">Texttypes for different databases</a></dt></dl></div><div class="list-of-examples"><p><b>List of Examples</b></p><dl><dt>3.1. <a href="ch03s04.html#id2817670">Module ID calculation</a></dt><dt>4.1. <a href="ch04.html#id2821947">channel configuration</a></dt><dt>4.2. <a href="ch04.html#id2822149">Login and Passphrase configuration</a></dt><dt>4.3. <a href="ch04.html#id2822238">External program authentication configuration</a></dt><dt>4.4. <a href="ch04.html#id2822321">Authentication with certificates</a></dt><dt>4.5. <a href="ch04.html#id2822370">Session configuration</a></dt><dt>4.6. <a href="ch04.html#id2822403">Basic ACL configuration</a></dt><dt>4.7. <a href="ch04.html#id2822579">Permission for serverInfo</a></dt><dt>4.8. <a href="ch04.html#id2822774">Allow all</a></dt><dt>4.9. <a href="ch04s02.html#id2824031">Configuration of token.xml for nCipher</a></dt><dt>4.10. <a href="ch04s03.html#id2824688">OpenSSL configuration - Authority Key Identifier</a></dt><dt>4.11. <a href="ch04s03.html#id2825129">Minimal SSL client extensions</a></dt><dt>4.12. <a href="ch04s03.html#id2825150">Minimal SSL server extensions</a></dt><dt>4.13. <a href="ch04s03.html#id2825178">Minimal SMTP extensions for a single certificate</a></dt><dt>4.14. 
<a href="ch04s04.html#id2825302">Additional attributes configuration</a></dt><dt>4.15. <a href="ch04s04.html#id2825524">PKCS#10 configuration</a></dt><dt>4.16. <a href="ch04s04.html#id2825563">Basic CSR configuration</a></dt><dt>4.17. <a href="ch04s04.html#id2825961">Configuration example for a XML file based
HTML-select</a></dt><dt>4.18. <a href="ch04s07.html#id2826851">suffix in ldap.xml</a></dt><dt>4.19. <a href="ch04s07.html#id2826996">excluded roles in ldap.xml</a></dt><dt>4.20. <a href="ch04s07.html#id2827159">Schema extension for RDN
! uid_special</a></dt><dt>4.21. <a href="ch04s09.html#id2827521">Download configuration</a></dt><dt>4.22. <a href="ch04s09.html#id2827602">Export configuration</a></dt><dt>4.23. <a href="ch04s09.html#id2827636">Local export configuration</a></dt><dt>4.24. <a href="ch04s11.html#id2828536">/etc/mail/sendmail.mc</a></dt><dt>6.1. <a href="ch06s05.html#id2833423">SSCEP configuration</a></dt><dt>7.1. <a href="ch07s03.html#id2834602">OpenSSL 0.9.7 key usage and extended key usage for DCs</a></dt><dt>7.2. <a href="ch07s03.html#id2834635">OpenSSL 0.9.7 subjectAltName for DCs</a></dt><dt>7.3. <a href="ch07s03.html#id2834699">OpenSSL 0.9.7 certificate template name for DCs</a></dt><dt>7.4. <a href="ch07s03.html#id2834785">OpenSSL 0.9.8 subject alternative name section for DCs</a></dt><dt>7.5. <a href="ch07s03.html#id2834996">extendedKeyUsage for clients</a></dt><dt>16.1. <a href="ch16s03.html#id2838679">batch_new_user.txt</a></dt><dt>16.2. <a href="ch16s03.html#id2838698">batch_new_process.txt</a></dt><dt>16.3. <a href="ch16s03.html#id2838718">batch_process_data.txt</a></dt><dt>17.1. <a href="ch17s02.html#id2839894">SuSE packaging</a></dt><dt>E.1. <a href="apes02.html#id2843610">General error 6751 during certificate issueing</a></dt><dt>E.2. <a href="apes02.html#id2843642">Bad passphrase error log during certificate issueing</a></dt><dt>E.3. <a href="apes03.html#id2844278">Full errormessage for missing functions</a></dt><dt>E.4. <a href="apes03.html#id2844350">Already present symbolic link</a></dt><dt>E.5. <a href="apes03.html#id2844462">Search for XML::Twig modules</a></dt><dt>E.6. <a href="apes03.html#id2844620">Type Mismatch on Internet Explorer</a></dt><dt>E.7. <a href="apes03.html#id2844656">Failed startup with wrong Net::Server version</a></dt><dt>E.8. <a href="apes03.html#id2844724">failing XML parsing during configuration</a></dt><dt>E.9. <a href="apes03.html#id2844765">failing XML parsing during configuration</a></dt><dt>E.10. 
<a href="apes03.html#id2844814">empty Twig.pm files because of missing XML::Parser</a></dt><dt>E.11. <a href="apes04.html#id2844867">virtual host configuration</a></dt><dt>E.12. <a href="apes04.html#id2844926">./configure and virtual hosts</a></dt><dt>E.13. <a href="apes04.html#id2844995">Client authentication with mod_ssl</a></dt><dt>E.14. <a href="apes04.html#id2845349">OCSP configuration for LDAP</a></dt><dt>E.15. <a href="apes04.html#id2845367">OCSP configuration for http</a></dt><dt>E.16. <a href="apes04.html#id2845945">emailaddress for subjectAltName in CA certs</a></dt><dt>E.17. <a href="apes04.html#id2845974">Missing mod_ssl standard environment variables</a></dt><dt>E.18. <a href="apes04.html#id2846012">SSL environment variable configuration for Apache</a></dt><dt>E.19. <a href="apes04.html#id2846045"></a></dt><dt>E.20. <a href="apes06.html#id2846534">Failed request upload</a></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="pr01.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"> </td><td width="20%" align="center"> </td><td width="40%" align="right" valign="top"> Introduction</td></tr></table></div></body></html>
--- 10,32 ----
environment is not setted</a></dt><dt>2.6. <a href="apes02.html#id2843312">What do the new features of 0.9.2 be?</a></dt><dt>2.7. <a href="apes02.html#id2843421">I try to approve and sign a request with Mozilla and it fails.</a></dt><dt>2.8. <a href="apes02.html#id2843472">I try to approve and sign a request with Konqueror (KDE) and it fails.</a></dt><dt>2.9. <a href="apes02.html#id2843489">How is the format of the disc to import the CA certificate
from the root CA?</a></dt><dt>2.10. <a href="apes02.html#id2843506">OpenSSL reports
! entry 1: invalid expiry date</a></dt><dt>2.11. <a href="apes02.html#id2843543">Outlook cannot encrypt mail with imported certificate</a></dt><dt>2.12. <a href="apes02.html#id2843565">My Outlook freezes after I received a signed email</a></dt><dt>2.13. <a href="apes02.html#id2843587">General Error 6751 during certificate issuing</a></dt><dt>2.14. <a href="apes02.html#id2843693">What does I have to do if I create a new release?</a></dt><dt>2.15. <a href="apes02.html#id2843872">How can I configure Mozilla for OCSP?</a></dt><dt>2.16. <a href="apes02.html#id2843914">Error 7211021: Cannot create request!</a></dt></dl></dd><dt>3. <a href="apes03.html">Installation Issues</a></dt><dd><dl><dt>3.1. <a href="apes03.html#id2843969">FreeBSD, OpenBSD and OpenCA</a></dt><dt>3.2. <a href="apes03.html#id2844146">Solaris and OpenCA</a></dt><dt>3.3. <a href="apes03.html#id2844221">What is a hierarchy level?</a></dt><dt>3.4. <a href="apes03.html#id2844318">Undefined subroutine &main::xyz</a></dt><dt>3.5. <a href="apes03.html#id2844389">Symbolic link installaton failed</a></dt><dt>3.6. <a href="apes03.html#id2844433">After the installation all common parts are missing</a></dt><dt>3.7. <a href="apes03.html#faq_duplicate_module">Conflicting Modules</a></dt><dt>3.8. <a href="apes03.html#id2844531">The xml path to the access control is missing</a></dt><dt>3.9. <a href="apes03.html#unknown_login_type">Unknown Login Type</a></dt><dt>3.10. <a href="apes03.html#id2844636">Type Mismatch during request
! generation with Internet Explorer</a></dt><dt>3.11. <a href="apes03.html#faq_openca_start_failed">openca(_rc) start failed</a></dt><dt>3.12. <a href="apes03.html#id2844733">Missing modules</a></dt></dl></dd><dt>4. <a href="apes04.html">Configuration Issues</a></dt><dd><dl><dt>4.1. <a href="apes04.html#id2844896">How can I configure my httpd.conf for virtual hosts?</a></dt><dt>4.2. <a href="apes04.html#id2844954">How can I configure virtual hosts with ./configure?</a></dt><dt>4.3. <a href="apes04.html#id2844997">I have some users which should not be published in LDAP.
! Does it be possible with OpenCA?</a></dt><dt>4.4. <a href="apes04.html#id2845022">Does it be possible to authenticate users by their
certificates at the apache before they will be authenticated by
! OpenCA itself?</a></dt><dt>4.5. <a href="apes04.html#id2845101">I want to update my 0.9.2 installation.
! Is this dangerous?</a></dt><dt>4.6. <a href="apes04.html#id2845143">I want update to 0.9.2. How can I update my sql database?</a></dt><dt>4.7. <a href="apes04.html#id2845384">If I run openca-ocspd then I obtain a segmentation fault.</a></dt><dt>4.8. <a href="apes04.html#id2845433">I installed a second public interface, run configure_etc.sh and
! now are all the paths in the other public interface wrong.</a></dt><dt>4.9. <a href="apes04.html#id2845478">I issue a certificate for a mailserver but sendmail doesn't work
and reports an errormessage which includes
reason=unsupported certificate purpose
! </a></dt><dt>4.10. <a href="apes04.html#id2845505">My (Microsoft) client hangs
! after it tries to start a secured connection</a></dt><dt>4.11. <a href="apes04.html#id2845576">Outlook freezes when receiving a signed Mail but worked
! already fine for some days</a></dt><dt>4.12. <a href="apes04.html#id2845600">During the request generation OpenCA fails and reports a too
! short textfield</a></dt><dt>4.13. <a href="apes04.html#id2845635">Can I place my organization's logo on the web interface?</a></dt><dt>4.14. <a href="apes04.html#id2845666">Cannot create new OpenCA tokenobject</a></dt><dt>4.15. <a href="apes04.html#id2845724">How can I use a Luna token with OpenCA 0.9.1</a></dt><dt>4.16. <a href="apes04.html#id2845799">How can I include a complete certificate chain into a PKCS#12 file?</a></dt><dt>4.17. <a href="apes04.html#id2845901">Unknown login type</a></dt><dt>4.18. <a href="apes04.html#id2845923">Cannot initialize cryptoshell
! but OpenSSL path is correct</a></dt><dt>4.19. <a href="apes04.html#id2845960">Emailaddress in subjectAltName but not in CA subject</a></dt><dt>4.20. <a href="apes04.html#id2846000">Missing environment variables from SSL</a></dt><dt>4.21. <a href="apes04.html#id2846069">Problems with the country name during PKCS#10 requests</a></dt></dl></dd><dt>5. <a href="apes05.html">Access Control problems</a></dt><dd><dl><dt>5.1. <a href="apes05.html#id2846122">Always get a login screen - again and again</a></dt><dt>5.2. <a href="apes05.html#id2846158">Error 6251023: Aborting connection - you are using a wrong channel</a></dt><dt>5.3. <a href="apes05.html#id2846179">Error 6251026: Aborting connection - you are using a wrong security protocol</a></dt><dt>5.4. <a href="apes05.html#id2846200">Error 6251029: Aborting connection - you are using the wrong computer</a></dt><dt>5.5. <a href="apes05.html#id2846218">Error 6251033: Aborting connection - you are using a wrong asymmetric cipher</a></dt><dt>5.6. <a href="apes05.html#id2846237">Error 6251036: Aborting connection - you are using a too short asymmetric keylength</a></dt><dt>5.7. <a href="apes05.html#id2846258">Error 6251039: Aborting connection - you are using a wrong symmetric cipher</a></dt><dt>5.8. <a href="apes05.html#id2846278">Error 6251043: Aborting connection - you are using a too short symmetric keylength</a></dt></dl></dd><dt>6. <a href="apes06.html">Dataexchange</a></dt><dd><dl><dt>6.1. <a href="apes06.html#id2846316">I try to export something but I get error 512
permission denied for
! /dev/fd0</a></dt><dt>6.2. <a href="apes06.html#id2846459">I try to import the CA certificate but it doesn't work.</a></dt><dt>6.3. <a href="apes06.html#id2846520">I crashed the database of the online server and now I want
to import all data again. How can I do it?
! </a></dt><dt>6.4. <a href="apes06.html#id2846552">I try to export the requests to the CA but it doesn't work
! </a></dt></dl></dd><dt>7. <a href="apes07.html">LDAP</a></dt><dd><dl><dt>7.1. <a href="apes07.html#id2846628">Errormessage: Connection refused.</a></dt><dt>7.2. <a href="apes07.html#id2846649">Errormessage: Bind failed. Errorcode 49.</a></dt><dt>7.3. <a href="apes07.html#id2846677">The resultcode of the nodeinsertion was 65.</a></dt><dt>7.4. <a href="apes07.html#id2846706">How can I get more debugging messages from OpenCA's LDAP code?</a></dt><dt>7.5. <a href="apes07.html#id2846732">How can I get more debugging messages from OpenLDAP?</a></dt></dl></dd><dt>8. <a href="apes08.html">Internationalization</a></dt><dd><dl><dt>8.1. <a href="apes08.html#id2846796">How can I fix a misspelling for a language?</a></dt><dt>8.2. <a href="apes08.html#id2846808">How can I add a new langiage?</a></dt><dt>8.3. <a href="apes08.html#id2846821">The compilation/make fails on the Perl module gettext</a></dt></dl></dd></dl></dd><dt><a href="bi01.html">Bibliography</a></dt><dt><a href="go01.html">Glossary</a></dt><dt>F. <a href="apf.html">Strategy</a></dt><dd><dl><dt>1. <a href="apf.html#id2849058">The Strategy Behind OpenCA Development</a></dt><dd><dl><dt>1.1. <a href="apf.html#id2849065">Scalability</a></dt><dt>1.2. <a href="apf.html#id2849080">Command Line API to CA and RA Functions</a></dt><dt>1.3. <a href="apf.html#id2849102">Automation functions</a></dt><dt>1.4. <a href="apf.html#id2849118">On-line CA model option</a></dt><dt>1.5. <a href="apf.html#id2849156">High Risk Environment Mode</a></dt><dt>1.6. <a href="apf.html#id2849174">Audit logging</a></dt><dt>1.7. <a href="apf.html#id2849188">Script/environment validation</a></dt><dt>1.8. <a href="apf.html#id2849208">Automated CA Key rollover</a></dt><dt>1.9. <a href="apf.html#id2849225">Function to process signing and encryption keys in one go</a></dt><dt>1.10. <a href="apf.html#id2849251">Secure storage and recovery of encryption keys</a></dt><dt>1.11. 
<a href="apf.html#id2849264">Web based OpenCA configuration and management</a></dt><dt>1.12. <a href="apf.html#id2849281">Improved key lifecycle management</a></dt><dt>1.13. <a href="apf.html#id2849295">Authentication via a third party</a></dt><dt>1.14. <a href="apf.html#id2849311">Improved debugging support</a></dt><dt>1.15. <a href="apf.html#id2849328">Improved error handling</a></dt><dt>1.16. <a href="apf.html#id2849344">Accreditation</a></dt></dl></dd></dl></dd></dl></div><div class="list-of-figures"><p><b>List of Figures</b></p><dl><dt>1.1. <a href="ch01.html#id2816412">Database oriented view</a></dt><dt>1.2. <a href="ch01.html#id2816962">Logical data view</a></dt><dt>1.3. <a href="ch01s02.html#id2817102">Complete technical overview</a></dt><dt>1.4. <a href="ch01s06.html#id2816825">Life cycle of objects</a></dt><dt>4.1. <a href="ch04.html#id2821779">Passes of the accesscontrol</a></dt><dt>4.2. <a href="ch04.html#id2822057">Passphrase based login</a></dt><dt>4.3. <a href="ch04s02.html#id2822972">Tokenconcept</a></dt><dt>6.1. <a href="ch06.html#id2831537">Phases of the CA initialization</a></dt><dt>6.2. <a href="ch06.html#id2831626">Phase I of the CA initialization</a></dt><dt>6.3. <a href="ch06.html#id2831971">Phase II of the CA initialization</a></dt><dt>6.4. <a href="ch06.html#id2832043">Phase III of the CA initialization</a></dt><dt>7.1. <a href="ch07.html#image_user_request_cert">Request a certificate</a></dt><dt>10.1. <a href="ch10.html#id2835559">Example cryptolayer with tokens</a></dt><dt>11.1. <a href="ch11.html#id2835810">Passes of the accesscontrol</a></dt><dt>11.2. <a href="ch11.html#id2835918">Channel verification</a></dt><dt>11.3. <a href="ch11.html#id2836024">Identification of the user</a></dt><dt>11.4. <a href="ch11.html#id2836129">Access control list</a></dt><dt>15.1. <a href="ch15s02.html#id2838106">LDAP source schema</a></dt></dl></div><div class="list-of-tables"><p><b>List of Tables</b></p><dl><dt>3.1. 
<a href="ch03.html#id2818827">External Perl modules</a></dt><dt>3.2. <a href="ch03s02.html#id2819389">Supported parameters for host configuration</a></dt><dt>4.1. <a href="ch04s04.html#id2825323">Additional attributes configuration</a></dt><dt>4.2. <a href="ch04s04.html#id2825760">Generic basic CSR configuration</a></dt><dt>4.3. <a href="ch04s05.html#id2826041">Common stuff configuration</a></dt><dt>15.1. <a href="ch15.html#id2837553">Schema usage</a></dt><dt>15.2. <a href="ch15.html#id2837930">Schema usage for user certificates</a></dt><dt>16.1. <a href="ch16s05.html#id2839026">Default OpenCA workflow</a></dt><dt>16.2. <a href="ch16s07.html#id2839411">1000 User test</a></dt><dt>E.1. <a href="apes04.html#id2845253">Texttypes for different databases</a></dt></dl></div><div class="list-of-examples"><p><b>List of Examples</b></p><dl><dt>3.1. <a href="ch03s04.html#id2817670">Module ID calculation</a></dt><dt>4.1. <a href="ch04.html#id2821947">channel configuration</a></dt><dt>4.2. <a href="ch04.html#id2822149">Login and Passphrase configuration</a></dt><dt>4.3. <a href="ch04.html#id2822238">External program authentication configuration</a></dt><dt>4.4. <a href="ch04.html#id2822321">Authentication with certificates</a></dt><dt>4.5. <a href="ch04.html#id2822370">Session configuration</a></dt><dt>4.6. <a href="ch04.html#id2822403">Basic ACL configuration</a></dt><dt>4.7. <a href="ch04.html#id2822579">Permission for serverInfo</a></dt><dt>4.8. <a href="ch04.html#id2822774">Allow all</a></dt><dt>4.9. <a href="ch04s02.html#id2824031">Configuration of token.xml for nCipher</a></dt><dt>4.10. <a href="ch04s03.html#id2824688">OpenSSL configuration - Authority Key Identifier</a></dt><dt>4.11. <a href="ch04s03.html#id2825129">Minimal SSL client extensions</a></dt><dt>4.12. <a href="ch04s03.html#id2825150">Minimal SSL server extensions</a></dt><dt>4.13. <a href="ch04s03.html#id2825178">Minimal SMTP extensions for a single certificate</a></dt><dt>4.14. 
<a href="ch04s04.html#id2825302">Additional attributes configuration</a></dt><dt>4.15. <a href="ch04s04.html#id2825524">PKCS#10 configuration</a></dt><dt>4.16. <a href="ch04s04.html#id2825563">Basic CSR configuration</a></dt><dt>4.17. <a href="ch04s04.html#id2825961">Configuration example for a XML file based
HTML-select</a></dt><dt>4.18. <a href="ch04s07.html#id2826851">suffix in ldap.xml</a></dt><dt>4.19. <a href="ch04s07.html#id2826996">excluded roles in ldap.xml</a></dt><dt>4.20. <a href="ch04s07.html#id2827159">Schema extension for RDN
! uid_special</a></dt><dt>4.21. <a href="ch04s09.html#id2827521">Download configuration</a></dt><dt>4.22. <a href="ch04s09.html#id2827602">Export configuration</a></dt><dt>4.23. <a href="ch04s09.html#id2827636">Local export configuration</a></dt><dt>4.24. <a href="ch04s11.html#id2828536">/etc/mail/sendmail.mc</a></dt><dt>6.1. <a href="ch06s05.html#id2833423">SSCEP configuration</a></dt><dt>7.1. <a href="ch07s03.html#id2834602">OpenSSL 0.9.7 key usage and extended key usage for DCs</a></dt><dt>7.2. <a href="ch07s03.html#id2834635">OpenSSL 0.9.7 subjectAltName for DCs</a></dt><dt>7.3. <a href="ch07s03.html#id2834699">OpenSSL 0.9.7 certificate template name for DCs</a></dt><dt>7.4. <a href="ch07s03.html#id2834785">OpenSSL 0.9.8 subject alternative name section for DCs</a></dt><dt>7.5. <a href="ch07s03.html#id2834996">extendedKeyUsage for clients</a></dt><dt>16.1. <a href="ch16s03.html#id2838679">batch_new_user.txt</a></dt><dt>16.2. <a href="ch16s03.html#id2838698">batch_new_process.txt</a></dt><dt>16.3. <a href="ch16s03.html#id2838718">batch_process_data.txt</a></dt><dt>17.1. <a href="ch17s02.html#id2839894">SuSE packaging</a></dt><dt>E.1. <a href="apes02.html#id2843610">General error 6751 during certificate issueing</a></dt><dt>E.2. <a href="apes02.html#id2843642">Bad passphrase error log during certificate issueing</a></dt><dt>E.3. <a href="apes02.html#id2843926">Error 7211021: Cannot create request!</a></dt><dt>E.4. <a href="apes03.html#id2844333">Full errormessage for missing functions</a></dt><dt>E.5. <a href="apes03.html#id2844404">Already present symbolic link</a></dt><dt>E.6. <a href="apes03.html#id2844504">Search for XML::Twig modules</a></dt><dt>E.7. <a href="apes03.html#id2844662">Type Mismatch on Internet Explorer</a></dt><dt>E.8. <a href="apes03.html#id2844698">Failed startup with wrong Net::Server version</a></dt><dt>E.9. <a href="apes03.html#id2844766">failing XML parsing during configuration</a></dt><dt>E.10. 
<a href="apes03.html#id2844807">failing XML parsing during configuration</a></dt><dt>E.11. <a href="apes03.html#id2844856">empty Twig.pm files because of missing XML::Parser</a></dt><dt>E.12. <a href="apes04.html#id2844909">virtual host configuration</a></dt><dt>E.13. <a href="apes04.html#id2844968">./configure and virtual hosts</a></dt><dt>E.14. <a href="apes04.html#id2845038">Client authentication with mod_ssl</a></dt><dt>E.15. <a href="apes04.html#id2845398">OCSP configuration for LDAP</a></dt><dt>E.16. <a href="apes04.html#id2845416">OCSP configuration for http</a></dt><dt>E.17. <a href="apes04.html#id2845985">emailaddress for subjectAltName in CA certs</a></dt><dt>E.18. <a href="apes04.html#id2846014">Missing mod_ssl standard environment variables</a></dt><dt>E.19. <a href="apes04.html#id2846052">SSL environment variable configuration for Apache</a></dt><dt>E.20. <a href="apes04.html#id2846084"></a></dt><dt>E.21. <a href="apes06.html#id2846566">Failed request upload</a></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="pr01.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"> </td><td width="20%" align="center"> </td><td width="40%" align="right" valign="top"> Introduction</td></tr></table></div></body></html>
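Review bot: From entry 3.1 onward, most changed lines on the new side differ from the old side only in their generated anchors (for example apes03.html#id2843927 becomes apes03.html#id2843969 on the FreeBSD entry, and the apf.html Strategy ids shift as well), so existing deep links and bookmarks into the FAQ break with this commit. Entries that carry an explicit id, such as faq_duplicate_module, unknown_login_type and faq_openca_start_failed, are unchanged between the two sides; giving the other FAQ questions and examples explicit ids in the guide's source would keep regenerated output stable and reduce the diff to the real additions (2.16, 4.21 and example E.3). Separately, the List of Examples entry that moves from E.19 to E.20 (apes04.html#id2846084) still has empty link text, so that example needs a title in the source.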