Bug#141748: ITP: openca -- Open Source Certification Authority

Package: wnpp
Version: N/A; reported 2002-04-08
Severity: wishlist

* Package name    : openca
  Version         : 0.8.1
  Upstream Author : Multiple; see website.
* URL             : http://www.OpenCA.org/
* License         : "Apache-style" license
  Description     : Open Source Certification Authority

openca allows for a two part CA (from docs):

1. Here it is how it works. The CA (2) Computer is the most important:
on it it is installed the ca software and the CA SECRET KEY. Because
of its security needs, we think it must be left disconnected from any
network (this is the only way to protect a computer from network
attacks(!!!)) and file transfers (Requests/Certificates/CRLs/etc...)
with other computers get executed via removable support
( i.e. floppy/rw/etc...).

2. The RA Server is a bit more complicated. It has a secure (with client
auth turned on) apache server installed. Services offered only to RAs
permit to approve/reject requests BEFORE they get signed by the CA.
On the RA Server there is also an LDAP server (for certificates

3. There is another Web server (Secure Server) that is used by the
normal users to make certificate requests, import CA Certificate, import
requested certificates and import other users' certs. You can activate
this server on the same machine of the RA Server: this can save a little
work and is the currently adopted choice.

Oh, sorry, did I say 2 parts? obviously, I still have some learning to
do myself...

There are currently some major problems with packaging it for
Debian, so this may take some time. For instance:

- requires openssl 0.9.7, which has not yet been released upstream.

- some system-specific data is hardcoded, which is obviously
a big no-no for a Debian package... Things like E-Mail address, URL,
and organisation have been hardcoded... Hopefully these
have been isolated to a few config files, not sure yet.

- since I am still learning how this works, the current
way I have split the packages could be considered restrictive.
(should be easy to change).

Any help appreciated; if you want to try it out
(with limitations described above), I have a copy at

