Package: wnpp Version: N/A; reported 2002-04-08 Severity: wishlist * Package name : openca Version : 0.8.1 Upstream Author : Multiple; see website. * URL : http://www.OpenCA.org/ * License : "Apache-style" license Description : Open Source Certification Authority
openca allows for a two part CA (from docs): 1. Here it is how it works. The CA (2) Computer is the most important: on it it is istalled the ca software and the CA SECRET KEY. Because of it's security needs, we think it must be left disconnected by any network (this is the only way to protect a computer from network attacks(!!!)) and file tranfers (Requests/Certificates/CRLs/etc...) with other computers get executed via removable support ( i.e. floppy/rw/etc...). 2. The RA Server is a bit more complicated. It has a secure (with client auth turned on) apache server installed. Services offered only to RAs permit to approve/reject requests BEFORE they get signed by the CA. On the RA Server there is also an LDAP server (for certificates availability). 3. There is another Web server (Secure Server) that is used by the normal users to make certificate requests, import CA Certificate, import requested certificates and import other users' certs. You can activate this server on the same machine of the RA Server: this can save a litte work and is the currently adopted choice. Oh, sorry, did I say 2 parts? obviously, I still have some learning to do myself... There are currently some major problems with packaging it for Debian, so this may take some time. For instance: - requires openssl 0.9.7, which has not yet been released upstream. - some system-specific data is hardcoded, which is obviously a big no-no for a Debian package... Things like E-Mail address, URL, and organisation have been hardcoded... Hopefully these have been isolated to a few config files, not sure yet. - since I I still learning how this works, the current way I have split the packages could be considered restrictive. (should be easy to change). Any help appreciated; if you want to try it out (with limitations described above), I have a copy at <URL:http://snoopy.apana.org.au/~ftp/debian/>. -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux scrooge 2.4.18 #1 Wed Apr 3 13:18:14 EST 2002 i686 Locale: LANG=C, LC_CTYPE= -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
