Better docs for Batch system and examples needed


Better docs for Batch system and examples needed

by blainedw


I have several 1000 certs to create and was looking at the batch system to do this. But there is so little documentation on it (will the 0.9.2+ docs work for 1.0.2?) and I am very confused.

To test it out, can I just use the CA cert, or am I required to create a BP cert?

Then I create a batch_process_data.txt file that contains the info and tar it up into a dataexchange file.

I think I can use QuickImport... So if that is the case, can someone give me examples of their batch_process_data.txt?

Dave

_______________________________________________
Openca-Users mailing list
Openca-Users@...
https://lists.sourceforge.net/lists/listinfo/openca-users

Re: Better docs for Batch system and examples needed

by blainedw


OK I learned some things on my own.

I created the following batch_data_process.txt:

USER user1
PROCESS gen_certs_2
SET_STATE new_process
ROLE Smartcard
SUBJECT_ALT_NAME_1 email:user1@...,otherName:1.3.6.1.4.311.20.2.3;UTF8:user1@...
SUBJECT UID=user1,CN=Joe Blow,OU=Employees,DC=gdls,DC=com
LOA_MODE NORMAL
LOA 4

and added it to my dataexchange tar file.

Then I selected "QuickImport", which slurped up the dataexchange file. At this point, if I tried to reimport the same user I would get an error, so I found that I could reset things by deleting the contents of the file $OPENCADIR/var/openca/bp/users.txt and deleting the contents of the directory $OPENCADIR/var/openca/bp/users. Of course, this only works if you're just in test dealing with one user ;)

And then I selected "Do one step for all workflows" and Yes for both CA and BP key certificates. It then asked for the CA key twice (since I didn't create a separate BP certificate).

I noticed that the RA interface doesn't have any options to download the PKCS#12 file. Is this normal for the UI? Never fear, though, these files are located in the $OPENCADIR/var/openca/bp/dataexchange directory.

My next problem was to determine the PIN assigned. This can be done in the Batch UI by selecting Export PIN. I found that if you want to issue Export PIN more than once you will get an error. To clear the error, you have to delete the file $OPENCADIR/var/openca/bp/dataexchange/pin_list (BTW, this is the list of PINs exported).

My remaining issue is that our normal requests have extra fields like phone number, etc. that aren't in the DN of the certificate. They are just additional request attributes. How can those be accommodated?

Dave
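For several thousand users, the record shown in the message above can be generated from a user list with each field validated before import. This is an added example, not part of the original post or of OpenCA. The function name, the CSV columns, the allow-list patterns and the blank line between records are assumptions, and only the email SAN entry is emitted.

```python
import csv
import io
import re

# Key names and constant values are copied from the sample record in the post.
# Only the email SAN entry is emitted; base_dn is trusted operator input.
TEMPLATE = (
    "USER {uid}\nPROCESS gen_certs_2\nSET_STATE new_process\nROLE Smartcard\n"
    "SUBJECT_ALT_NAME_1 email:{email}\n"
    "SUBJECT UID={uid},CN={cn},{base_dn}\n"
    "LOA_MODE NORMAL\nLOA 4\n"
)
# Allow-lists (assumed policy): none admits ',', '=', ':', ';' or a line break.
UID_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")
CN_RE = re.compile(r"[A-Za-z0-9 .'-]{1,64}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Constructed sample input, not taken from the post.
SAMPLE_CSV = (
    "uid,cn,email\n"
    "user1,Joe Blow,user1@example.com\n"
    'user2,"Blow, Jane",user2@example.com\n'   # comma would add an RDN
    "user1,Joe Again,user1b@example.com\n"     # same user twice
    'user3,"Ann\nLee",user3@example.com\n'     # line break inside a cell
)


def build_batch(csv_text, base_dn):
    """Return (batch_text, rejected) for CSV rows with uid, cn, email columns.

    Fields are checked against allow-lists instead of being escaped, because a
    comma, '=' or line break in a value would change the record's structure.
    """
    records, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        uid, cn, email = (row.get(k) or "" for k in ("uid", "cn", "email"))
        if not UID_RE.fullmatch(uid):
            rejected.append((uid, "bad uid"))
        elif uid.lower() in seen:  # the post reports an error on re-importing a user
            rejected.append((uid, "duplicate uid"))
        elif not CN_RE.fullmatch(cn):
            rejected.append((uid, "bad cn"))
        elif not EMAIL_RE.fullmatch(email):
            rejected.append((uid, "bad email"))
        else:
            seen.add(uid.lower())
            records.append(TEMPLATE.format(uid=uid, cn=cn, email=email, base_dn=base_dn))
    # Assumption: records are separated by one blank line.
    return "\n".join(records), rejected
```

Rejected rows are returned with a reason instead of being silently dropped, so they can be corrected at the source before the file is added to the dataexchange tar.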