Re: [Openca-Users] Problem with OpenCA Web Interface

[Mohammad k. <m_k...@ya...>]

Thanks Jorge.

I did as you said, unfortunately, it didn't work. Here is the configuration that I run: 

./configure --with-openssl-tools-prefix=/usr/local --with-openca-user=openca --with-openca-group=openca --with-web-host=ca-server --with-db-name=openca_db --with-db-host=localhost --with-db-user=openca --with-db-password=admin --with-db-type=mysql --with-service-mail-account=kh...@kt... --with-httpd-user=www-data --with-httpd-group=www-data --with-cgi-fs-prefix=/usr/lib/cgi-bin --with-htdocs-fs-prefix=/var/www/pki --with-openca-prefix=/usr/local/openca/ca --with-etc-prefix=/usr/local/openca/ca/etc --with-module-prefix=/usr/local/openca/ca/modules --with-ca-organization=LCN-KTH --with-organization=KTH --with-ca-locality=Stockholm --with-ca-state=Stockholm --with-ca-country=SE --with-support-mail-address=kh...@kt...  --disable-external-modules --enable-dbi --enable-rbac --enable-db --prefix=/usr/local/openca --with-openssl-prefix=/usr/include/ --with-openca-tools-prefix=/usr/local/openca


After that, I did the following commands to complete the installation phase:

make
>make install-common
>make install-offline install-online
>/usr/local/openca/etc/openca/configure_etc.sh
>/usr/local/openca/etc/init.d/openca start 
>/etc/init.d/apache2 restart

Furthermore, I did a small changes in the config.xml file as follows:

        <option>
          <name>dataexchange_device_up</name>
          <value>/tmp/ca-up</value>
        </option>
        <option>
          <name>dataexchange_device_down</name>
          <value>/tmp/ca-down</value>
        </option>
        <option>
          <name>dataexchange_device_local</name>
          <value>/tmp/ra_local</value>
        </option>

Still, when I browse the link below, I can view the folders and I cannot enter the OpenCA Web Interface:
https://localhost/pki/ca/


When I checked the Apache Error.log file, I realized that there are some mistakes while I've got no idea how to solve them. I think I did everything correctly. Here is the small part of Apache error.log file:


[Wed May 30 11:31:03 2012] [notice] caught SIGTERM, shutting down
>[Wed May 30 11:31:04 2012] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
>[Wed May 30 11:31:04 2012] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
>[Wed May 30 11:31:04 2012] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
>[Wed May 30 11:31:04 2012] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
>[Wed May 30 11:31:04 2012] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
>[Wed May 30 11:31:04 2012] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
>[Wed May 30 11:31:04 2012] [notice] Apache/2.2.20 (Ubuntu) mod_ssl/2.2.20 OpenSSL/1.0.0e configured -- resuming normal operations
>[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ra/index.html (None could be negotiated).
>[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ca/index.html (None could be negotiated).
>[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/pub/index.html (None could be negotiated).
>[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ldap/index.html (None could be negotiated).
>[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/batch/index.html (None could be negotiated).
>[Wed May 30 11:32:01 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ca/index.html (None could be negotiated)., referer: http://localhost/pki/
>[Wed May 30 11:32:23 2012] [error] [client 127.0.0.1] File does not exist: /var/www/pki/ca/@ca_cgi_url_prefix@, referer: https://localhost/pki/ca/index.html.template
>[Wed May 30 11:32:25 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ca/index.html (None could be negotiated)., referer: https://localhost/pki/
>[Wed May 30 11:32:27 2012] [error] [client 127.0.0.1] File does not exist: /var/www/pki/ca/@ca_cgi_url_prefix@, referer: https://localhost/pki/ca/index.html.template
>[Wed May 30 11:32:32 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ca/index.html (None could be negotiated).



As far as I know, there are two main problems I have. The first is the mismatching value for localhost, which is a warning here. The other one is that there is no corresponding file for ca/index.html. I checked the path: /var/www/html/pki/ca/index.html and index.html does exist. However, it seems that Apache cannot recognize/resolve it. It's really strange, though. And when I try to open the index.html from the folder, it gives me this error:

Not Found
>The requested URL /cgi-bin/pki/ca/ca was not found on this server.


I really don't know how to solve it. I searched a lot while I got nothing so far. Any idea/suggestion what to do to move on.

Thanks in advance


________________________________
 From: Jorge A. Arrieta N. <jar...@e-...>
To: Mohammad khodaei <m_k...@ya...> 
Cc: "ope...@li..." <ope...@li...> 
Sent: Wednesday, May 30, 2012 7:56 AM
Subject: Re: Configuring OpenCA after installation (Mohammad khodaei)
 
Hi,

Yes, your problem it's the same situation that I think. So, I can help
you.

Today, I don't have much time, but with a few tips, you can move on.


You can fix the problem, with "./configure" script.

Basically, you need to fix the location in the file system, for the URL.

For example, in CentOS, you have:

URL: https://localhost/pki/
File system:  /var/www/html/pki


Right now, in Ubuntu, you have something like:

URL: https://localhost/html/pki/
File system: /var/www/html/pki


But, you need this:

URL: https://localhost/pki/
File system: /var/www/pki    
-> here is the change **


For the 'cgi-bin' it's the same problem.

If my notes, are correct, you need this:


$ ./configure ... --with-htdocs-fs-prefix=/var/www/pki 


And with the scripts, is very similar, but the default path is
"/usr/lib/cgi-bin/". Double-check this, because I did in a different
way.



Greetings,
Jorge