The RA Node is the interface used to control RA operations that deal with external interfaces, for example exporting request data to the Certificate Authority.
This section lists the OpenCA components.
This link takes the user to the main CA Server page. This link is only available if the CA is accessible. In the normal OpenCA configuration the CA is offline and so this link will fail.
This section takes the user to a screen to manage the LDAP server, if one has been configured.
Pressing this link takes the user to the OpenCA public interface. This interface is described elsewhere in this document.
This section lists the options available to configure and maintain the RA Node.
If the PKI has been configured with Crypto Tokens holding the CA private key in an online mode, then this link will stop the token daemon.
This screen is used to set up your OpenCA RA. It is intended that the screen be used once and once only. There are two links:
The RA Administrator should press this link to run the database initialisation script. Note that if you run this script on an existing database then you are likely to lose all existing data. Be careful!
This link is used to exchange data with other areas of the PKI infrastructure (e.g. CA). Depending on your implementation of OpenCA, only some of the following sections will apply.
It is unlikely that there will be a lower level of the hierarchy at the RA.
It is unlikely that there will be a lower level of the hierarchy at the RA.
This section is used to download data from the CA to the RA. In order to use this section, data must have already been exported from the CA. This data is usually stored on a floppy disk. Upon clicking any of the following links the user is prompted "You need to provide a support to proceed (depends on your configuration). Are you sure you want to continue ?". This means that you need to have read access to the device that the exported data is on (e.g. the floppy drive).
Pressing this link imports all the data that has been exported from the CA into the RA.
Pressing this link imports only the certificate data from the CA into the RA.
Pressing this link imports only the configuration data from the CA to the RA. This is data like user roles (certificate types).
This section enables the RA Administrator to export data to the export device ready for import to the CA. Upon clicking any of the following links the user is prompted "You need to provide a support to proceed (depends on your configuration). Are you sure you want to continue ?". This means that you need to have write access to the device that the exported data is going to be written to (e.g. the floppy drive).
Note, the export of data is in the form of a delta, i.e. only new or modified data is exported. It is an administration task to modify this behaviour.
This section allows the RA Administrator to back up and recover the OpenCA RA database. It is good practice to perform a database backup regularly.
Pressing this link backs up the database to the export device. Upon clicking the link, the user is prompted "You need to provide a support to proceed (depends on your configuration). Are you sure you want to continue ?". This means that you need to have write access to the device that the exported data is going to be written to (e.g. the floppy drive).
Pressing this link configures the database for import of data. If you are rebuilding the RA then it is important to press this link.
General utilities for the RA Operator
Pressing this link sends the "New User" emails out to new users. These emails tell the users that their certificates are ready for collection and give them a link to the public interface to collect their certificates.
Pressing this link sends new users an encrypted CRIN mail. The CRIN mail contains a PIN code that the user must enter when revoking their own certificates. The user should be able to decrypt the message, as they would have created the private key during their certificate request process. The message is encrypted using the public key in the certificate request.