openca-installation.htm

The Open–source PKI Book Version 2.4.6 Edition Copyright &copy 1999, 2000 by Symeon (Simos) Xenite

ALIGN="LEFT"
VALIGN="TOP"
>nobody.nobody</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Use found OpenSSL command</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="USERINPUT"
><B
>Y</B
></TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Continue installation</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="USERINPUT"
><B
>yes</B
></TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Edit openssl.cnf</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Check <A
HREF="openssl-cnf-configuration.htm"
>the section called <I
><TT
CLASS="FILENAME"
>openssl.cnf</TT
> configuration for OpenCA</I
></A
></TD
></TR
></TBODY
></TABLE
></DIV
>  
	</P
><P
>        Subsequently, to install the WWW pages that accompany the CAServer do
        <P
CLASS="LITERALLAYOUT"
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>make install-ca-web</B
></TT
><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</P
>
	Use the following parameters when installing the WWW pages of
	the OpenCA component for the CAServer.
	<DIV
CLASS="TABLE"
><P
><B
>Table D-3. RAServer WWW Server installation parameters</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Parameter</TH
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Value</TH
></TR
></THEAD
><TBODY
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>HTML pages directory</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/local/apache/htdocs/ca
		  	</TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>CGI directory</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/local/apache/cgi-bin
		  	</TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Continue installation</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="USERINPUT"
><B
>yes</B
></TT
></TD
></TR
></TBODY
></TABLE
></DIV
>  
        </P
><P
>        Finally, follow the instructions from the WWW pages to initialise
        the CAServer by creating the CA private key and certificate.
        </P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="INSTALLATION-RA"
>RAServer Installation</A
></H3
><P
>     	  This is the installation of the Registration Authority.
	  Please refer to <A
HREF="impl-openca.htm#OPENCA-LAYOUT"
>Figure 7-1</A
> for more information.
        </P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="stylesheet-images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>          The RAServer is supposed to be installed on a separate system than the
	  CAServer. Furthermore, it is assumed that the steps that led to the
	  installation of the CAServer will have to be duplicated to create
	  the RAServer. However, for limited testing purposes, all of them
	  could be installed on the same system.
        </P
></TD
></TR
></TABLE
></DIV
><P
>        It is assumed that you have uncompressed and <I
CLASS="EMPHASIS"
>        untarred</I
> the OpenCA software with the following commands.
        <P
CLASS="LITERALLAYOUT"
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>tar xvfz OpenCA-0.2.0.tar.gz
        </B
></TT
></P
>
        </P
><P
>        To install the RAServer software, enter the directory created 
        (<TT
CLASS="FILENAME"
>OpenCA-0.2.0</TT
>) and
        type
        <P
CLASS="LITERALLAYOUT"
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>make install-raserver</B
></TT
><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>make install-raserver-web</B
></TT
><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</P
>
        </P
><P
>	You can use the following parameters when installing the OpenCA
	component for the RAServer.
	<DIV
CLASS="TABLE"
><P
><B
>Table D-4. RAServer installation parameters</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Parameter</TH
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Value</TH
></TR
></THEAD
><TBODY
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>OpenSSL installation directory</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/local/ssl
		  	</TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Base directory for RAServer</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/local/RAServer
		  	</TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Webserver user</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
>nobody.nobody</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Use found OpenSSL command</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="USERINPUT"
><B
>Y</B
></TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Continue installation</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="USERINPUT"
><B
>yes</B
></TT
></TD
></TR
></TBODY
></TABLE
></DIV
>  

	<DIV
CLASS="TABLE"
><P
><B
>Table D-5. RAServer WWW Server installation parameters</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Parameter</TH
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Value</TH
></TR
></THEAD
><TBODY
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>HTML pages directory</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/local/apache/htdocs/ra
		  	</TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>CGI directory</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/local/apache/cgi-bin
		  	</TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Continue installation</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="USERINPUT"
><B
>yes</B
></TT
></TD
></TR
></TBODY
></TABLE
></DIV
>  
        </P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="INSTALLATION-RAO"
>RAOperator Installation</A
></H3
><P
>   	  This is the installation of the RA Operator.
	  Please refer to <A
HREF="impl-openca.htm#OPENCA-LAYOUT"
>Figure 7-1</A
> for more information.
        </P
><P
>        It is assumed that you have uncompressed and <I
CLASS="EMPHASIS"
>        untarred</I
> the OpenCA software with the following commands.
        <P
CLASS="LITERALLAYOUT"
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>tar xvfz OpenCA-0.2.0.tar.gz
        </B
></TT
></P
>
        </P
><P
>        To install the software, enter the directory created 
        (<TT
CLASS="FILENAME"
>OpenCA-0.2.0</TT
>) and
        type
        <P
CLASS="LITERALLAYOUT"
>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<TT
CLASS="PROMPT"
>root# </TT
><TT
CLASS="USERINPUT"
><B
>make install-secure</B
></TT
><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</P
>
        </P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="stylesheet-images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>          Again, the RAOperator is supposed to be installed on a separate system 
  	  other than the CAServer and the RAServer. Furthermore, it is assumed that 
	  the steps that led to the installation of the CAServer and the RAServer 
	  will have to be duplicated to create the RAOperator. However, 
	  for limited testing purposes, both of them could be installed 
	  on the same system. We must say that installing the CAServer, the
	  RAServer and the RAOperators on the same system, will make it rather
	  difficult to use and probably error-prone in the testing.
        </P
></TD
></TR
></TABLE
></DIV
><P
>	<DIV
CLASS="TABLE"
><P
><B
>Table D-6. RAOperator WWW Server installation parameters</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Parameter</TH
><TH
ALIGN="LEFT"
VALIGN="TOP"
>Value</TH
></TR
></THEAD
><TBODY
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>HTML pages directory</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/local/apache/htdocs/rao
		  	</TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>CGI directory</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>/usr/local/apache/cgi-bin
		  	</TT
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
>Continue installation</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="USERINPUT"
><B
>yes</B
></TT
></TD
></TR
></TBODY
></TABLE
></DIV
>  
        </P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="INSTALL-WWW-SERVER"
>WWW Server installation</A
></H2
><P
>      Installation of the WWW server and the SSL/TLS WWW Server
      component. This will be a rather lengthly procedure, unless
      you use <SPAN
CLASS="ACRONYM"
>RPM</SPAN
> files.
      This software can be found at 
      <A
HREF="impl-openca.htm#SOFTWARE-TYPE"
>the section called <I
>Software packages</I
> in Chapter 7</A
>. Support information is
      at <A
HREF="support.htm"
>Chapter 8</A
>.
      </P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="INSTALL-LDAP"
>LDAP installation</A
></H2
><P
>       An independent step is the installation of the LDAP software.
       This is usually installed on RAOperator.
       Recommended LDAP software is at
       <A
HREF="impl-openca.htm#SOFTWARE-TYPE"
>the section called <I
>Software packages</I
> in Chapter 7</A
>. For support information,
       please see <A
HREF="support.htm"
>Chapter 8</A
>.
       </P
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="how-elgamal-works.htm"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ospki-book.htm"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="openssl-cnf-configuration.htm"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>How does El Gamal work?</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><TT
CLASS="FILENAME"
>openssl.cnf</TT
> configuration for OpenCA</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>