<HTML><HEAD><TITLE>OpenCA Installation details</TITLE><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.55"><LINK REL="HOME" TITLE="The Open–source PKI Book" HREF="ospki-book.htm"><LINK REL="PREVIOUS" TITLE="How does El Gamal work?" HREF="how-elgamal-works.htm"><LINK REL="NEXT" TITLE="openssl.cnf configuration for OpenCA" HREF="openssl-cnf-configuration.htm"></HEAD><BODY CLASS="APPENDIX" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF"><DIV CLASS="NAVHEADER"><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0"><TR><TH COLSPAN="3" ALIGN="center">The Open–source PKI Book: A guide to PKIs and Open–source Implementations</TH></TR><TR><TD WIDTH="10%" ALIGN="left" VALIGN="bottom"><A HREF="how-elgamal-works.htm">Prev</A></TD><TD WIDTH="80%" ALIGN="center" VALIGN="bottom"></TD><TD WIDTH="10%" ALIGN="right" VALIGN="bottom"><A HREF="openssl-cnf-configuration.htm">Next</A></TD></TR></TABLE><HR ALIGN="LEFT" WIDTH="100%"></DIV><DIV CLASS="APPENDIX"><H1><A NAME="OPENCA-INSTALLATION">Appendix D. OpenCA Installation details</A></H1><DIV CLASS="TOC"><DL><DT><B>Table of Contents</B></DT><DT><A HREF="openca-installation.htm#SOFTWARE-INSTALLATION-SEQUENCE">Software installation sequence</A></DT><DT><A HREF="openssl-cnf-configuration.htm"><TT CLASS="FILENAME">openssl.cnf</TT> configuration for OpenCA</A></DT></DL></DIV><P> As described in <A HREF="impl-openca.htm#OPENCA-LAYOUT">Figure 7-1</A>, OpenCA requires three distinct servers. However, this makes the software less accessible. We describe how to install all the components on a single computer. </P><P> We take on the role of Woody Allen's character in the movie "Bananas", who, while on trial in court, played both the defendant and the lawyer by switching places quickly. </P><P> First, we determine the software components to install and the server on which we install them. </P><DIV CLASS="TABLE"><P><B>Table D-1. 
Software installation matrix</B></P><TABLE BORDER="1" CLASS="CALSTABLE"><THEAD><TR><TH ALIGN="LEFT" VALIGN="TOP">Software</TH><TH ALIGN="CENTER" VALIGN="TOP">CAServer</TH><TH ALIGN="CENTER" VALIGN="TOP">RAServer</TH><TH ALIGN="CENTER" VALIGN="TOP">RAOperator</TH></TR></THEAD><TBODY><TR><TD ALIGN="LEFT" VALIGN="TOP">Perl Generic modules</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD></TR><TR><TD ALIGN="LEFT" VALIGN="TOP">OpenCA Perl modules</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD><TD ALIGN="CENTER" VALIGN="TOP">•</TD></TR><TR><TD ALIGN="LEFT" VALIGN="TOP">WWW Server</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD></TR><TR><TD ALIGN="LEFT" VALIGN="TOP">SSL/TLS module</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD></TR><TR><TD ALIGN="LEFT" VALIGN="TOP">LDAP Server</TD><TD ALIGN="CENTER" VALIGN="TOP">•</TD><TD ALIGN="CENTER" VALIGN="TOP">•</TD><TD ALIGN="CENTER" VALIGN="TOP">✓</TD></TR><TR><TD ALIGN="LEFT" VALIGN="TOP">OpenSSL</TD><TD ALIGN="CENTER" VALIGN="TOP">•</TD><TD ALIGN="CENTER" VALIGN="TOP">•</TD><TD ALIGN="CENTER" VALIGN="TOP">•</TD></TR></TBODY></TABLE></DIV><DIV CLASS="NOTE"><P></P><TABLE CLASS="NOTE" WIDTH="100%" BORDER="0"><TR><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP"><IMG SRC="stylesheet-images/note.gif" HSPACE="5" ALT="Note"></TD><TD ALIGN="LEFT" VALIGN="TOP"><P> The above table is not yet final and is subject to change as the project evolves. </P></TD></TR></TABLE></DIV><P> Using the above table, you may proceed with the installation, as described in the following chapters. Keep in mind that if you are doing an all–in–one installation –– all servers on a single workstation –– then you do not need to install the same software component multiple times or in different directories. We will note any special configuration settings that this requires. 
</P><DIV CLASS="SECT1"><H1 CLASS="SECT1"><A NAME="SOFTWARE-INSTALLATION-SEQUENCE">Software installation sequence</A></H1><P>It is recommended that the software components be installed in this sequence: </P><DIV CLASS="SECT2"><H2 CLASS="SECT2"><A NAME="INSTALL-GENERIC-PERL-MODULES">Installation of Perl modules</A></H2><P> Information about how to find the latest version of a Perl module can be found in <A HREF="perl-modules-installation.htm">Appendix A</A>. </P><DIV CLASS="NOTE"><P></P><TABLE CLASS="NOTE" WIDTH="100%" BORDER="0"><TR><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP"><IMG SRC="stylesheet-images/note.gif" HSPACE="5" ALT="Note"></TD><TD ALIGN="LEFT" VALIGN="TOP"><P>These Perl modules must be installed in the sequence shown because of dependencies. However, if you make a mistake in the sequence, you receive an informative error that indicates the module was skipped.</P></TD></TR></TABLE></DIV><P> <P></P><OL TYPE="1"><LI><P> <TT CLASS="VARNAME">Convert::BER</TT> is a Perl object class implementation to encode and decode objects as described by ITU-T standard X.209 (ASN.1) using Basic Encoding Rules (BER). The filename is <A HREF="http://www.perl.com/CPAN-local/authors/id/GBARR/Convert-BER-1.26.tar.gz" TARGET="_top"> <TT CLASS="FILENAME">Convert-BER-1.26.tar.gz</TT></A> </P></LI><LI><P> <TT CLASS="VARNAME">MIME::Base64</TT> and <TT CLASS="VARNAME">MIME::QuotedPrint</TT> provide a base64 encoder/decoder and a quoted-printable encoder/decoder. These encoding methods are specified in RFC 2045 – <SPAN CLASS="ACRONYM">MIME</SPAN> (Multipurpose Internet Mail Extensions). The filename is <A HREF="http://www.perl.com/CPAN-local/authors/id/GAAS/MIME-Base64-2.11.tar.gz" TARGET="_top"><TT CLASS="FILENAME">MIME-Base64-2.11.tar.gz</TT></A> </P></LI><LI><P> The <TT CLASS="VARNAME">URI</TT> Perl object class provides functionality regarding the Uniform Resource Identifier, as specified in RFC 2396. 
The filename is <A HREF="http://www.perl.com/CPAN-local/authors/id/GAAS/URI-1.04.tar.gz" TARGET="_top"><TT CLASS="FILENAME">URI-1.04.tar.gz</TT></A> </P></LI><LI><P> The <TT CLASS="VARNAME">Digest::*</TT> Perl object class provides implementations for the MD5 (RFC 1321), MD2 (RFC 1319) and SHA-1 (FIPS PUB 180-1) hash functions. Also, an implementation of the HMAC (RFC 2104) MAC function is provided. The filename is <A HREF="http://www.perl.com/CPAN-local/authors/id/GAAS/Digest-MD5-2.09.tar.gz" TARGET="_top"><TT CLASS="FILENAME">Digest-MD5-2.09.tar.gz</TT></A> </P></LI><LI><P> <SPAN CLASS="APPLICATION">perl-ldap</SPAN> provides access to LDAP servers. It requires that <TT CLASS="VARNAME">Convert::BER</TT> already be installed on your system. The filename is <A HREF="http://www.perl.com/CPAN-local/authors/id/GBARR/perl-ldap-0.13.tar.gz" TARGET="_top"><TT CLASS="FILENAME">perl-ldap-0.13.tar.gz</TT></A> </P></LI><LI><P> I have the idea that this and the above have overlapping functionality. The filename is <A HREF="http://www.perl.com/CPAN-local/authors/id/CDONLEY/Net-LDAPapi-1.42.tar.gz" TARGET="_top"><TT CLASS="FILENAME">Net-LDAPapi-1.42.tar.gz</TT></A> </P></LI></OL> </P></DIV><DIV CLASS="SECT2"><H2 CLASS="SECT2"><A NAME="OPENCA-PERL-MODULES">Installation of OpenCA–specific modules</A></H2><P> The OpenCA–specific modules can be found either at <SPAN CLASS="ACRONYM">CPAN</SPAN> or at the OpenCA WWW site. </P><P> The functionality of these Perl modules is not entirely OpenCA–specific. In general, they help to parse configuration files. <P></P><OL TYPE="1"><LI><P> This Perl module is used to access the configuration files of OpenCA. 
Currently, the configuration files are <P></P><UL><LI><P> <TT CLASS="FILENAME">ca.conf</TT> </P></LI><LI><P> <TT CLASS="FILENAME">raserver.conf</TT> </P></LI><LI><P> <TT CLASS="FILENAME">secure.cnf</TT> </P></LI></UL> The filename is <A HREF="http://www.perl.com/CPAN-local/authors/id/M/MA/MADWOLF/OpenCA-Configuration-1.2.tar.gz" TARGET="_top"> <TT CLASS="FILENAME">OpenCA-Configuration-1.2.tar.gz</TT></A> </P></LI><LI><P> This Perl module provides access to configuration variables that can have three states. It is used to ease access to the OpenCA configuration files. The filename is <A HREF="http://www.perl.com/CPAN-local/authors/id/M/MA/MADWOLF/OpenCA-TRIStateCGI-1.02.tar.gz" TARGET="_top"> <TT CLASS="FILENAME">OpenCA-TRIStateCGI-1.02.tar.gz</TT></A> </P></LI></OL> </P></DIV><DIV CLASS="SECT2"><H2 CLASS="SECT2"><A NAME="INSTALL-OPENCA">Installation of OpenCA</A></H2><P> This is described in three major sections: the installation of the CAServer, the RAServer and the RAOperator(s). </P><P> The installation procedure involves setting up the configuration files, copying the HTML pages to the appropriate directories and finally adding the <SPAN CLASS="ACRONYM">CGI</SPAN> scripts in the corresponding directories. </P><DIV CLASS="SECT3"><H3 CLASS="SECT3"><A NAME="INSTALLATION-CA">CAServer Installation</A></H3><P> This is the installation of the Certification Authority. Please refer to <A HREF="impl-openca.htm#OPENCA-LAYOUT">Figure 7-1</A> for more information. </P><P> It is assumed that you have uncompressed and <I CLASS="EMPHASIS"> untarred</I> the OpenCA software with the following command. 
<P CLASS="LITERALLAYOUT"> <TT CLASS="PROMPT">root# </TT><TT CLASS="USERINPUT"><B>tar xvfz OpenCA-0.2.0.tar.gz </B></TT></P> </P><P> To install the software, enter the directory created (<TT CLASS="FILENAME">OpenCA-0.2.0</TT>) and type <P CLASS="LITERALLAYOUT"> <TT CLASS="PROMPT">root# </TT><TT CLASS="USERINPUT"><B>make install-ca</B></TT><br> </P> </P><P> Use the following parameters when installing the OpenCA component for the CAServer. <DIV CLASS="TABLE"><P><B>Table D-2. CAServer installation parameters</B></P><TABLE BORDER="1" CLASS="CALSTABLE"><THEAD><TR><TH ALIGN="LEFT" VALIGN="TOP">Parameter</TH><TH ALIGN="LEFT" VALIGN="TOP">Value</TH></TR></THEAD><TBODY><TR><TD ALIGN="LEFT" VALIGN="TOP">OpenSSL installation directory</TD><TD ALIGN="LEFT" VALIGN="TOP"><TT CLASS="FILENAME">/usr/local/ssl </TT></TD></TR><TR><TD ALIGN="LEFT" VALIGN="TOP">Base directory for CAServer</TD><TD ALIGN="LEFT" VALIGN="TOP"><TT CLASS="FILENAME">/usr/local/RAServer </TT></TD></TR><TR><TD ALIGN="LEFT" VALIGN="TOP">Webserver user</TD><TD