CAcert Code Development list.

[Frederic Dumas <f.dumas AT ellis.siteparc.fr>]

Dear Bernhard,

I took time today to complete both tests, with an Org Server Cert and AN 
Org Client Cert. They have passed, obviously, and each of the generated 
certificates are valid until the 21st of August, 2021. Both test 
certificates exist on test.cacert.org.

Thank you for the clean and comprehensive guidance, that you gave me 
earlier. As it might be useful for the next tester candidate to read it 
too (you said you require 2x test) and follow the same steps, I quote 
your mail in attachment.

However, not everything went well until the end. As I submitted my 
(quite detailed) test report to Mantis, the animal abruptly decided that 
the "authentication token was not valid any more", and basically pushed 
to /dev/null my over one hour carefully crafted report. I suddenly felt 
like a secretary on front of Word™. I have to confess that my motivation 
to go ahead with the matter dropped dramatically.

Well, I am doing a break, and will try later to gather as much as I can 
from the puzzled details which I still have all around my screens.

Regards.

Frédéric.

--
Frédéric Dumas
f.dumas AT ellis.siteparc.fr



Le 06/08/2019 à 21:58, Bernhard Fröhlich a écrit :
> Hi Frederic,
>
> I checked your setup now. Your basic setup is OK, you are an Org Admin 
> (so you can add new Organisations, which you obviously have already 
> found out), due to the flag set in the test manager.
>
> The problems with respect to the test scenario I noticed are the following:
>
>   * Your new organisation (Ellis BBS ...) has neither domains not
>     admins. So it is not possible to create certificates for it yet.
>   * Your account is not an Assurer account, so it can not assigned as an
>     organisation's admin (which is something different than an
>     Organisation Assurer!)
>
> To fix it these problems you may try this checklist:
>
>   * In the testmgr https://mgr.test.cacert.org:14843 use the "Manage
>     Account -> Automated Assurance" to give your account at least 95
>     additional points
>   * Also in the testmgr, in "Manage Account -> Assurer Challenge" assign
>     yourself one passed challenge. Alternatively you can do the test at
>     the CATS testserver https://cats.test.cacert.org:14843/, but this is
>     considerably more work, and sometines won't work at all due to
>     problems with the result upload... :-/
>   * Now change back to the test server https://test.cacert.org and
>     verify that you are an Assurer. "My Details -> My Trainings" should
>     state something like "You have passed the Assurer Challenge and
>     collected at least 100 Assurance Points, you are an Assurer."
>   * Use "Org Admin -> View Organisations" to find your Organisation
>     (probably at the bottom of the list) and use the "Admins (0)" link
>   * Klick the Add-Link in the top line, enter the (primary) mail address
>     of your account and set Master Account to yes. The rest of the
>     fields are optional
>   * Go back to your organisation at "Org Admin -> View Organisations"
>     and click "Domains (0)" and once more "Add"
>   * Enter a domain name you see fitting for your organisation, probably
>     something like "ellis.siteparc.fr"
>
> Now you should be able to create Org client and Org server certificates 
> for mail adresses @ellis.siteparc.fr and server names below 
> ellis.siteparc.fr, so, for example, CSRs for server1.ellis.siteparc.fr 
> and server2.subdomain.ellis.siteparc.fr should work.
>
> Note that the only thing taken from a CSR is the server's CN and, maybe, 
> SubjectAltNames. The names must match one of the recorded domain names.
>
> Kind regards
> Ted
> ;)
>
> P.S.: I'd consider it a bug that in your non-assurer-account the "Org 
> Client Certs" and "Org Server Certs" are shown, as you cannot use then 
> yet, without being assigned as admin to an organisation. Probably the 
> "Organisation Assurer" flag activates them, but this is not correct. The 
> "Organisation Assurer" flag should only give you the "Org Admin" menu. 
> But the impact of this bug indeed is minimal... :-)

Attachment: Screen Shot 2019-08-22 at 13.49.42.png
Description: PNG image