The OpenCA Book: A guide to OpenCA, the Open Certification Authority
Chapter 4. The structure of OpenCA
This section describes the functionality of the Registration Authority Server (RAServer). The local Registration Authority Operators communicate with this intermediary on behalf of the users' requests in order to reach the CA. No user communicates directly with the RA server. The RA server should be placed at a very high security level to prevent unauthorized access. It is administered by the Registration Authority Administrator. The available actions are listed below.
In the source code, the principal Registration Authority Server is referred to as RAServer.
Note: The content of this section is subject to change in the future.
Export Requests
Export the approved requests to the CAServer.
Pending Requests
Show Certificate Signing Requests waiting for approval by the RAServer Administrator. Approval can be based on identification documents or other credentials.
Approved Requests
Show Certificate Signing Requests that have already been approved by the RAServer Administrator. These Certificate Signing Requests will be sent to the CAServer using the Export Requests function.
Remove Exported Requests
The approved requests, once they are exported to the CAServer, can be removed with this option.
Import CA Certificate
This imports the Certification Authority Certificate and saves it on the local filesystem. This copy of the Certificate will be published to the interested parties using the adjacent commands.
Import New Certificates
This imports the newly signed Certificates from the CAServer. The Certificates are copied to the local file system.
Export Certificates onto LDAP
This command exports the Certificates to the specified LDAP server. The users will retrieve their Certificates by accessing the LDAP server, rather than contacting the RAServer directly.
Import CRL
This imports the Certificate Revocation List from the Certification Authority so that it can be published with the adjacent commands.
Export Certificate Revocation Requests
This command exports the already approved Revocation Requests to the CAServer. The CAServer will then revoke those Certificates.
Send e-mail to users for newly issued certificates
This informs the users that the Certificate has been prepared and that they should follow the procedure described in the e-mail to collect it.
Delete Temp files (After importing certificates)
This is a clean-up command. With the current implementation of OpenCA, when users are sent a notification, temporary files are created to indicate the e-mail to be sent. If these files are not deleted, then, on the next batch mailing, the users who have already received a notification will be notified again.