Installation and Configuration Guide

Table of Contents

Preface
3. Installation
1. Preparations
1.1. Software
1.2. Hardware
2. Configure
2.1. Host System Configuration
2.2. Host System Configuration (of the upcoming OpenCA 1.0)
2.2.1. OpenCA user and group
2.2.2. Daemon user and group
2.3. Filesystem paths
2.3.1. Common Prefixes
2.3.2. Component Prefixes
2.3.3. OpenSSL prefixes (OpenCA 1.0 only)
2.4. Webserver specific stuff
2.4.1. Common server information
2.4.2. Filesystem Paths
2.4.3. URL Paths
2.5. Email
2.6. Compiling features
3. Installation
4. config.xml (for RPMs and DEBs too)
4.1. Configuration sections of config.xml
4.1.1. General options
4.1.2. web server configuration
4.1.3. ldap server configuration
4.1.4. database configuration
4.1.5. module configuration
4.1.6. configuration of relative paths
4.1.7. configuration of SCEP
4.1.8. Dataexchange
4.2. How to set up two management interfaces on one server?
4.2.1. Online Components
4.2.2. Offline Components
4.2.3. OPENCADIR/etc/menu.xml
4. Configuration
1. Access Control
1.1. Channel verification
1.2. Login
1.2.1. none
1.2.2. passwd
1.2.2.1. internal database
1.2.2.2. external authentication
1.2.3. x509
1.3. Session management
1.4. ACLs
2. Token and key configuration
2.1. OpenSSL
2.2. Empty
2.3. LunaCA3
2.4. nCipher
2.4.1. Introduction
2.4.2. Implementation
2.4.3. Usage
2.4.4. HSM login shell
2.4.5. OpenCA Configuration
2.4.6. Example for the setup
2.5. OpenSC
3. OpenSSL
3.1. Certificate Extensions
3.1.1. Standard Extensions
3.1.1.1. Authority Key Identifier
3.1.1.2. Subject Key Identifier
3.1.1.3. Key Usage
3.1.1.4. Private Key Usage Period
3.1.1.5. Certificate Policies
3.1.1.6. Policy Mappings
3.1.1.7. Subject Alternative Name
3.1.1.8. Issuer Alternative Name
3.1.1.9. Subject Directory Attributes
3.1.1.10. Basic Constraints
3.1.1.11. Name Constraints
3.1.1.12. Policy Constraints
3.1.1.13. Extended Key Usage
3.1.1.14. CRL Distribution Points
3.1.1.15. Inhibit Any-Policy
3.1.1.16. Freshest CRL
3.1.2. Internet Certificate Extensions
3.1.2.1. Authority Information Access
3.1.2.2. Subject Information Access
3.1.3. Vendor Specific Extensions
3.1.3.1. Microsoft
3.1.3.2. Netscape
3.2. Profiles
3.2.1. HTTPS server
3.2.2. SMTP server
3.2.3. F-Secure VPN+
4. CSRs
4.1. Additional Attributes
4.2. PKCS#10 Requests
4.3. Basic CSR
4.4. SCEP
5. Subject
5.1. Common stuff
5.2. dc style
5.2.1. etc/servers/*.conf
5.2.2. main.html
5.2.3. certsMail.txt and expiringMail.txt
5.2.4. OpenSSL configuration
5.2.5. CA CSR
6. Subject Alternative Name
7. LDAP
7.1. Configuration of the Directory
7.2. Configuration of the online components
7.3. Writing Certificates to the Directory
7.4. Adding an attribute to the LDAP schema
8. SCEP
8.1. OPENCADIR/etc/servers/scep.conf
8.2. OPENCADIR/etc/config.xml
9. Dataexchange
9.1. Configuration
9.1.1. Configuration with simple files
9.1.2. Configuration via scp
9.2. Adding a new node
10. Databases
10.1. PostgreSQL
10.1.1. Basic Setup
10.1.2. Backup
10.1.3. Recovery
10.2. MySQL
10.3. Oracle
10.3.1. Perl database driver and Oracle OCI client libraries
10.3.2. OpenCA Oracle database configuration
10.3.3. Internal Authentication
10.3.4. External Authentication
10.3.5. Database privilege separation for the OpenCA application
10.3.6. Sample Oracle setup
10.4. DBM Files
10.4.1. Backup and Recovery
10.5. SQLite
11. Email
11.1. Sendmail with basic SMTP authentication
12. i18n
12.1. Debian 3.1 Sarge

Document generated: 2005-08-05T17:53+0200