Choonhan,
  Please send me your current problems, since I am not sure how many of the 
problems you were having on Sunday, you have already solved.

Let me try to clarify the certificate issue. You need two certificates for 
your Akenti/ssl/apache setup. One is for the SSL web server itself and is best 
named with the fullly qualified domain name of the server. Thus 
/C=US/O=Syracuse University/OU=NPAC/CN=osprey3.npac.syr.edu". This one is sent 
to anyone attempting to access the web server. It can be self-signed (just use 
the one ssl/bin/genkey gives you) or submitted to a CA and signed by the CA. 
Note that my CA cannot sign Certificates that do not have O=Lawrence Berkeley 
National Laboratory. If the CN associated with the certificate is different 
from the machine name that it came from, the Netscape browser will warn you. 
This is why I recommend using the machine name as the CN. This is the cert and 
key pointed to by the http configuration file (httpd.conf) as the 
SSLCertificateFile and SSLCertificateKeyFile.

The second certificate is one that Akenti uses to sign cached certificates. No
one external sees this one. This is the one that is pointed to by the 
AkentiCredentialPK and AkentiCredentialPUBK items in the Akenti.conf file. 
Also the name is in AkentiDN. I think AkentiCA can be the same as the DN as 
this certificate works perfectly well as a self-signed cert. This one is a 
recent addition and while we are using it to sign cache certificates, we don't 
handle it very rigoursly. I would include the name Akenti in this certificate, 
to distinguish it from the SSL web server certificate.

Akenti.conf is the configuration files for the various Akenti servers not 
really for the resources. It does name the PolicyFile name which is the file 
that starts of the Authorization of resources.

As noted above, I can't sign your certificate with the o=Syracuse University, 
but it should work ok without being signed by a CA.

Send me any current questions.

Mary