From: Mohammad k. <m_k...@ya...> - 2012-05-30 10:07:26
|
Thanks Jorge. I did as you said, unfortunately, it didn't work. Here is the configuration that I run: ./configure --with-openssl-tools-prefix=/usr/local --with-openca-user=openca --with-openca-group=openca --with-web-host=ca-server --with-db-name=openca_db --with-db-host=localhost --with-db-user=openca --with-db-password=admin --with-db-type=mysql --with-service-mail-account=kh...@kt... --with-httpd-user=www-data --with-httpd-group=www-data --with-cgi-fs-prefix=/usr/lib/cgi-bin --with-htdocs-fs-prefix=/var/www/pki --with-openca-prefix=/usr/local/openca/ca --with-etc-prefix=/usr/local/openca/ca/etc --with-module-prefix=/usr/local/openca/ca/modules --with-ca-organization=LCN-KTH --with-organization=KTH --with-ca-locality=Stockholm --with-ca-state=Stockholm --with-ca-country=SE --with-support-mail-address=kh...@kt... --disable-external-modules --enable-dbi --enable-rbac --enable-db --prefix=/usr/local/openca --with-openssl-prefix=/usr/include/ --with-openca-tools-prefix=/usr/local/openca After that, I did the following commands to complete the installation phase: make >make install-common >make install-offline install-online >/usr/local/openca/etc/openca/configure_etc.sh >/usr/local/openca/etc/init.d/openca start >/etc/init.d/apache2 restart Furthermore, I did a small changes in the config.xml file as follows: <option> <name>dataexchange_device_up</name> <value>/tmp/ca-up</value> </option> <option> <name>dataexchange_device_down</name> <value>/tmp/ca-down</value> </option> <option> <name>dataexchange_device_local</name> <value>/tmp/ra_local</value> </option> Still, when I browse the link below, I can view the folders and I cannot enter the OpenCA Web Interface: https://localhost/pki/ca/ When I checked the Apache Error.log file, I realized that there are some mistakes while I've got no idea how to solve them. I think I did everything correctly. Here is the small part of Apache error.log file: [Wed May 30 11:31:03 2012] [notice] caught SIGTERM, shutting down >[Wed May 30 11:31:04 2012] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? >[Wed May 30 11:31:04 2012] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? >[Wed May 30 11:31:04 2012] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) >[Wed May 30 11:31:04 2012] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? >[Wed May 30 11:31:04 2012] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? >[Wed May 30 11:31:04 2012] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) >[Wed May 30 11:31:04 2012] [notice] Apache/2.2.20 (Ubuntu) mod_ssl/2.2.20 OpenSSL/1.0.0e configured -- resuming normal operations >[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ra/index.html (None could be negotiated). >[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ca/index.html (None could be negotiated). >[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/pub/index.html (None could be negotiated). >[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ldap/index.html (None could be negotiated). >[Wed May 30 11:31:59 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/batch/index.html (None could be negotiated). >[Wed May 30 11:32:01 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ca/index.html (None could be negotiated)., referer: http://localhost/pki/ >[Wed May 30 11:32:23 2012] [error] [client 127.0.0.1] File does not exist: /var/www/pki/ca/@ca_cgi_url_prefix@, referer: https://localhost/pki/ca/index.html.template >[Wed May 30 11:32:25 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ca/index.html (None could be negotiated)., referer: https://localhost/pki/ >[Wed May 30 11:32:27 2012] [error] [client 127.0.0.1] File does not exist: /var/www/pki/ca/@ca_cgi_url_prefix@, referer: https://localhost/pki/ca/index.html.template >[Wed May 30 11:32:32 2012] [error] [client 127.0.0.1] Negotiation: discovered file(s) matching request: /var/www/pki/ca/index.html (None could be negotiated). As far as I know, there are two main problems I have. The first is the mismatching value for localhost, which is a warning here. The other one is that there is no corresponding file for ca/index.html. I checked the path: /var/www/html/pki/ca/index.html and index.html does exist. However, it seems that Apache cannot recognize/resolve it. It's really strange, though. And when I try to open the index.html from the folder, it gives me this error: Not Found >The requested URL /cgi-bin/pki/ca/ca was not found on this server. I really don't know how to solve it. I searched a lot while I got nothing so far. Any idea/suggestion what to do to move on. Thanks in advance ________________________________ From: Jorge A. Arrieta N. <jar...@e-...> To: Mohammad khodaei <m_k...@ya...> Cc: "ope...@li..." <ope...@li...> Sent: Wednesday, May 30, 2012 7:56 AM Subject: Re: Configuring OpenCA after installation (Mohammad khodaei) Hi, Yes, your problem it's the same situation that I think. So, I can help you. Today, I don't have much time, but with a few tips, you can move on. You can fix the problem, with "./configure" script. Basically, you need to fix the location in the file system, for the URL. For example, in CentOS, you have: URL: https://localhost/pki/ File system: /var/www/html/pki Right now, in Ubuntu, you have something like: URL: https://localhost/html/pki/ File system: /var/www/html/pki But, you need this: URL: https://localhost/pki/ File system: /var/www/pki -> here is the change ** For the 'cgi-bin' it's the same problem. If my notes, are correct, you need this: $ ./configure ... --with-htdocs-fs-prefix=/var/www/pki And with the scripts, is very similar, but the default path is "/usr/lib/cgi-bin/". Double-check this, because I did in a different way. Greetings, Jorge |