Hi Julius, which version of the perl module X500::DN are you using? On my system it was 0.28 (is the minimum required version in the documentation), but I think that is also the version you are using. Furthermore, which version of Parse::RecDescent do you use? I had 1.94 (also required version).
I am sorry but I can't test it with serials oder ips in a request on my system because I changed my working place. Kind regards, Matthias. On 5/31/07, Geier Julius <[EMAIL PROTECTED]> wrote: > Hi Matthias! > Thanks for reply. I'll try to explain my problem a little bit more in > detail: > > When requesting a certificate witch contains serial number and ip-address > the DN looks something like this: > > unstructuredName=router.test.domain+unstructuredAddress=123.234.123.234+serialNumber=ABC098765AB,CN=router.test.domain > > And the "+" -signs are the cause for all the trouble. When trying to issue > the certificate it results in an "Error 700: The compilation of the command > cmdIssueCertificate failed. openssl syntax for multi-valued RDNs is unknown > at /usr/lib/perl5/vendor_perl/5.8.8/X500/DN.pm line 104". > > This perl-module is written in 2002 and it seems, that it was never updated. > :-( I even don't know, wether it came with the openca-installation or with > an other perl-package. Anyhow, when exporting the certficate-request (or > doing a cut and paste from the log-file) I can sign the request with openssl > by commandline - something like: > > openssl ca -batch -config > /usr/local/openca/ca/etc/openssl/openssl/VPN_Server.conf -keyfile > /usr/local/openca/ca/var/crypto/keys/cakey.pem -extfile > /usr/local/openca/ca/etc/openssl/extfiles/VPN_Server.ext -preserveDN -in > /root/tmp/req.pem > > does the job quite well. In this case I receive a certificate. I can import > the cert into CA and RA ... but it's never delivert to the router by the > scep-server. (A commandline "enrollment term" followed by "crypto pki import > openca.test.domain certificate" on the router works fine too) > > This problem was discussed in an earlier thread opened by Kurt Hockenmaier. > But as soon as you modify a request by hand the cert is rejected by the > router (in the thread mentioned above the pix accepted the cert... ). > > So the easiest way would be a proper import of the cert for me. But I > actually don't know, how to do so. > > Thanks for support and best regards > > Jörg Kirmße > > _________________________________________________________________ > FREE pop-up blocking with the new MSN Toolbar - get it now! > http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Openca-Users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openca-users > > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
