If you want to use it, please send me a message or email me, i can transfer all .tar and OpenCA_zh-CN.zip to you online, they are too big to upload to a weblog. Here we go:
First:
Avoid forgetting, let’s add two users and groups:
groupadd apache
groupadd openca
useradd -g apache apache
useradd -g openca openca
Then, un-pack all.tar to install openca support environment.
#tar xvf all.tar
#cd all
#cd all
----------------------------------------
APR Series:
tar -zxvf apr- 1.3.3 .tar.gz
cd apr- 1.3.3
./configure --prefix=/usr/local/apr
make
make install
tar -zxvf apr-util- 1.3.4 .tar.gz
cd apr-util- 1.3.4
./configure --prefix=/usr/local/apr --with-apr=/usr/local/apr
make
make install
tar -zxvf apr-iconv- 1.2.1 .tar.gz
cd apr-iconv- 1.2.1
./configure --prefix=/usr/local/apr --with-apr=/usr/local/apr
make
make install
----------------------------------------
OpenSSL:
tar -zxvf openssl- 0.9.8 k.tar.gz
cd openssl- 0.9.8 k
./config --prefix=/usr/local/ssl
make
make install
----------------------------------------
Apache:
tar -zxvf httpd- 2.2.11 .tar.gz
cd httpd- 2.2.11
./configure --prefix=/usr/local/apache --enable-rewrite --enable-so --enable-vhost-alias --enable-rule=EXPAT --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr --with-ssl=/usr/local/ssl --enable-ssl
make
make install
----------------------------------------
Mod_Perl:
tar zxvf mod_perl-2.0-current.tar.gz
perl Makefile.PL EVERYTHING=1 USE_DSO=1 DO_HTTPD=1
make
make install
----------------------------------------
Let’s use openssl to generates a certification for apache to use SSL.
openssl req -new -x509 -nodes -out server.crt -keyout server.key
cp server.crt server.key /usr/local/apache/conf
----------------------------------------
vi /usr/local/apache/conf
Modify user and group as “apache”.
----------------------------------------
BerkeleyDB:
tar zxvf db- 4.5.20 .tar.gz
cd db- 4.5.20 /build_unix/
../dist/configure
make
make install
----------------------------------------
OpenLDAP:
tar zxvf openldap-stable-20090411.tgz
cd openldap- 2.4.16 /
export CPPFLAGS="-I/usr/local/BerkeleyDB.4.5/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.5/lib"
export LD_LIBRARY_PATH="../db- 4.5.20 /build_unix/.libs"
./configure --prefix=/usr/local/openldap --enable-ldbm
make depend
make
make test
make install
----------------------------------------
MySQL:
tar -zxvf mysql- 5.1.34 .tar.gz
cd mysql- 5.1.34
./configure --prefix=/usr/local/mysql --with-charset=utf8 --with-readline --with-extra-charsets=all
cp /etc/my.cnf /etc/my.cnf.default
Create a database for openca.
mysql> CREATE DATABASE openca CHARACTER SET utf8;
Set a password for root.
mysqladmin -uroot -p password yourpassword
----------------------------------------
openca-tool:
tar zxvf openca-tools- 1.1.0 .tar.gz
./configure
make
make install
Install OpenCA:
Modify the following script to your configuration,only WEBHOST and --with-db-passwd=,and save it as openca_configure.sh
############################################
#!/bin/sh
D="/usr/local/openca"
WEBDIR="/usr/local/www"
WEBHOST=159.226.10.10
./configure \
--prefix=${D} \
--with-openca-user=openca \
--with-openca-group=openca \
--with-httpd-user=apache \
--with-httpd-group=apache \
--with-openca-prefix=${D} \
--with-etc-prefix=${D}/etc \
--with-htdocs-fs-prefix=${WEBDIR}/html/pki \
--with-cgi-fs-prefix=${WEBDIR}/cgi-bin/pki \
--with-module-prefix=${D}/modules \
--with-web-host=${WEBHOST} \
--with-openssl-prefix=/usr/local/ssl \
--with-db-type=mysql \
--with-db-user=root \
--with-db-host=localhost \
--with-db-port=3306 \
--with-db-passwd=password \
--with-db-name=openca
###################################################
chomd 755 openca_configure.sh
./openca_configure.sh
make
make install-online
make install-offline
./configure_etc.sh
/usr/local/openca/init.d/openca start &
/usr/local/apache/bin/apachectl start &
If you want to use the Chinese version, please unpack OpenCA_zh-CN.zip, and cover the installed directory.
At last, don't forget to execute configuration script(configure_etc.sh), and restart your service(/usr/local/openca/init.d/openca restart).
----------------------------------------
Make RA automatic issue:
But if you change browser_req.xml into APPROVED of NEW modifcation, it will be issued automaticly
----------------------------------------