Hello, I have my PKI up and running, but I want to ask some things and
hear your advice. Thanks.
I have 2 Fedora (12) virtual machines; the first one has the CA and the
second one the RA. They use the same MySQL database from the CA virtual
machine. I can access the RA, CA and PUB interfaces from my browser and
everything seems to work.
Now what I want to do is to automate the procedure for getting a
certificate. I'm planning to create a custom user interface in order to
replace the form "request a certificate" in the OpenCA /pub interface.
I have an external database with some usernames and passwords, and only
those users should be able to request a certificate.
After that request the user will download his certificate in order to
use it, but first my "system" has to be automated in order to
issue the certificate.
So these are my questions:
1) Is the RA signature required? I can issue certificates as CA without the
RA signature. I think that the RA signature is only required in order to ensure
that only validated users will ask for a certificate; is that wrong?
2) Is there any need to exchange data (same database, so I speak only
of files) between RA and CA, and how can this be automated? Do I have
to transfer files in my own way?
3) How can I sign as RA and issue as a CA? I know how to do it with
the interfaces but I want to automate it. Do I have to use Perl scripts or
can I work with PHP, for example?
Your advice would be very helpful, thanks!