If you want to use it, please send me a message or email me, i can transfer all .tar and OpenCA_zh-CN.zip to you online, they are too big to upload to a weblog. Here we go:

First:

Avoid forgetting, let’s add two users and groups:

groupadd apache

groupadd openca

useradd -g apache apache

useradd -g openca openca

Then, un-pack all.tar to install openca support environment.

#tar xvf all.tar

#cd all

----------------------------------------

APR Series:

tar -zxvf apr-1.3.3.tar.gz

cd apr-1.3.3

./configure --prefix=/usr/local/apr

make

make install

 

tar -zxvf apr-util-1.3.4.tar.gz

cd apr-util-1.3.4

./configure --prefix=/usr/local/apr --with-apr=/usr/local/apr

make

make install

 

tar -zxvf apr-iconv-1.2.1.tar.gz

cd apr-iconv-1.2.1

./configure --prefix=/usr/local/apr --with-apr=/usr/local/apr

make

make install

----------------------------------------

OpenSSL:

tar -zxvf openssl-0.9.8k.tar.gz

cd openssl-0.9.8k

./config --prefix=/usr/local/ssl

make

make install

----------------------------------------

Apache:

tar -zxvf httpd-2.2.11.tar.gz

cd httpd-2.2.11

./configure --prefix=/usr/local/apache --enable-rewrite --enable-so --enable-vhost-alias --enable-rule=EXPAT --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr --with-ssl=/usr/local/ssl --enable-ssl

make

make install

----------------------------------------

Mod_Perl:

tar zxvf mod_perl-2.0-current.tar.gz

perl Makefile.PL EVERYTHING=1 USE_DSO=1 DO_HTTPD=1

make

make install

----------------------------------------

Let’s use openssl to generates a certification for apache to use SSL.

openssl req -new -x509 -nodes -out server.crt -keyout server.key

cp server.crt  server.key /usr/local/apache/conf

----------------------------------------

vi /usr/local/apache/conf

Modify user and group as “apache”.

----------------------------------------

BerkeleyDB:

tar zxvf db-4.5.20.tar.gz

cd db-4.5.20/build_unix/

../dist/configure

make

make install

----------------------------------------

OpenLDAP:

tar zxvf openldap-stable-20090411.tgz

cd openldap-2.4.16/

export CPPFLAGS="-I/usr/local/BerkeleyDB.4.5/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.5/lib"

export LD_LIBRARY_PATH="../db-4.5.20/build_unix/.libs"

./configure --prefix=/usr/local/openldap --enable-ldbm

make depend

make

make test

make install

----------------------------------------

MySQL:

tar -zxvf mysql-5.1.34.tar.gz

 cd mysql-5.1.34

./configure --prefix=/usr/local/mysql --with-charset=utf8 --with-readline --with-extra-charsets=all

cp /etc/my.cnf /etc/my.cnf.default

 

Create a database for openca.

mysql> CREATE DATABASE openca CHARACTER SET utf8;

Set a password for root.

mysqladmin -uroot -p password yourpassword

----------------------------------------

openca-tool:

tar zxvf  openca-tools-1.1.0.tar.gz

./configure

make

make install

Install OpenCA:

Modify the following script to your configuration,only WEBHOST and --with-db-passwd=,and save it as openca_configure.sh

############################################

#!/bin/sh

 

D="/usr/local/openca"

WEBDIR="/usr/local/www"

WEBHOST=159.226.10.10

 

./configure \

  --prefix=${D} \

  --with-openca-user=openca \

  --with-openca-group=openca  \

  --with-httpd-user=apache \

  --with-httpd-group=apache \

  --with-openca-prefix=${D} \

  --with-etc-prefix=${D}/etc \

  --with-htdocs-fs-prefix=${WEBDIR}/html/pki \

  --with-cgi-fs-prefix=${WEBDIR}/cgi-bin/pki \

  --with-module-prefix=${D}/modules \

  --with-web-host=${WEBHOST} \

  --with-openssl-prefix=/usr/local/ssl \

  --with-db-type=mysql \

  --with-db-user=root \

  --with-db-host=localhost \

  --with-db-port=3306 \

  --with-db-passwd=password \

  --with-db-name=openca

###################################################

chomd 755 openca_configure.sh

./openca_configure.sh

make

make install-online

make install-offline

 

./configure_etc.sh

 

/usr/local/openca/init.d/openca start &

/usr/local/apache/bin/apachectl start &

 

If you want to use the Chinese version, please unpack OpenCA_zh-CN.zip, and cover the installed directory.

At last, don't forget to execute configuration script(configure_etc.sh), and restart your service(/usr/local/openca/init.d/openca restart).

 

----------------------------------------

Make RA automatic issue:

But if you change browser_req.xml into APPROVED of NEW modifcation, it will be issued automaticly

----------------------------------------