Hi Guys, quick fix for the problem - there was an error in passing the dataType variable from viewCert to the send-certificate command. I have attached the fix to this email.
Basically, you just need to copy the new files to:
PREFIX/lib/openca/cmds
where PREFIX, in the binaries distros, is '/opt/openca'.
Let me know if this fixes the CA Certificate retrieval problem...
Later,
Max
P.S.: This does not fix the missing-symlinks problem.. :(
Massimiliano Pala wrote:
Hi Samuel, it is probably a bug - I cannot find a reason why it should not work. I'll check on it and send you the results - maybe tomorrow! Later, Max
Samuel Rios Carvalho wrote: I installed OpenCA 1.0.2 and created users' certificates perfectly. But when I tried to download the CA certificate from https://ca/pub it was not found. So I went to the CA, to INFORMATION, CA CERTIFICATES and VALID. It showed me the certificate. I clicked on the certificate, then "more info", and it showed this error: Error Code: 6295020 [initServer:314] Cannot load certificate 2147483647 from the database. So I created another CA Certificate and got the same error. Any idea? Samuel Rios Carvalho
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
-- Isaac Asimov
## OpenCA - Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
## (c) Copyright 2002-2004 The OpenCA Project
##
## File Name: viewCert
## Brief: Display a certificate
## Version: $Revision: 1.6 $
## Description: Display certificate data
## Parameters: dataType, key
## this script supports the following configurable references
##
## INSTALL_CERT
## LDAP
## REVOCATION
## SENDCERT
## SEND_CERT_KEY
## VIEW_CSR
## TOKENHANDLING
## MAIL
## SET_PUBLIC_PASSWD
## DELETE_PUBLIC_PASSWD
use strict;
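sub cmdViewCert {
    ## Render the summary page for one certificate (user or CA) plus the
    ## operation buttons the current operator is allowed to use.
    ##
    ## Query parameters, read through the framework global $query:
    ##   key      - database key of the certificate (its serial number)
    ##   dataType - VALID_|EXPIRED_|SUSPENDED_|REVOKED_CERTIFICATE,
    ##              VALID_|EXPIRED_CA_CERTIFICATE, or the generic
    ##              CERTIFICATE / CA_CERTIFICATE, which is resolved here by
    ##              probing the database.  Defaults to CERTIFICATE.
    ##
    ## Returns whatever libSendReply() returns.  Every error path goes
    ## through configError(), which the rest of this function assumes does
    ## not return (the original code made the same assumption).
    our ( $query, $self );
    my ($info_list, $cmd_list, $hidden_list, $cmd_panel) = (undef, undef, undef, undef);
    my ($info_pos, $cmd_pos) = (0, 0);

    ## Get the Serial Number
    my $key      = $query->param( 'key' );
    my $dataType = $query->param( 'dataType' );
    my $status;

    ## The previous test, "not $key and ($key != 0)", could never fire for
    ## an absent or empty key (undef != 0 is false), so a missing key only
    ## showed up later as a failed database lookup.
    if ( not defined $key or $key eq '' ) {
        configError( gettext ("Error, missing key!") );
    }
    if ( not $dataType ) {
        $dataType = "CERTIFICATE";
    }

    ## Both request values are echoed into the generated HTML below.  The
    ## key is escaped once here; dataType is only accepted when it is
    ## exactly one of the known names -- the old prefix matches such as
    ## /^VALID_CERTIFICATE/ let arbitrary trailing text ride along into the
    ## links.  If some caller legitimately passes a suffixed name, widen
    ## the comparisons rather than dropping the anchoring.
    my $key_html = _view_cert_html_escape($key);

    if ( $dataType eq "VALID_CERTIFICATE" ) {
        $status = gettext ("Valid");
    } elsif ( $dataType eq "EXPIRED_CERTIFICATE" ) {
        $status = gettext("Expired");
    } elsif ( $dataType eq "SUSPENDED_CERTIFICATE" ) {
        $status = gettext("Suspended");
    } elsif ( $dataType eq "REVOKED_CERTIFICATE" ) {
        $status = gettext("Revoked");
    } elsif ( $dataType eq "VALID_CA_CERTIFICATE" ) {
        $status = gettext("Valid");
    } elsif ( $dataType eq "EXPIRED_CA_CERTIFICATE" ) {
        $status = gettext("Expired");
    } elsif ( $dataType eq "CA_CERTIFICATE" ) {
        ## try to determine the datatype
        if ($db->getItem ( DATATYPE => "VALID_CA_CERTIFICATE", KEY => $key )) {
            $dataType = "VALID_CA_CERTIFICATE";
            $status   = gettext("Valid");
        } elsif ($db->getItem ( DATATYPE => "EXPIRED_CA_CERTIFICATE", KEY => $key )) {
            $dataType = "EXPIRED_CA_CERTIFICATE";
            $status   = gettext("Expired");
        } else {
            configError ( gettext ("Cannot determine status of this CA-Certificate!"));
        }
    } elsif ( $dataType eq "CERTIFICATE" ) {
        ## try to determine the datatype
        if ($db->getItem ( DATATYPE => "VALID_CERTIFICATE", KEY => $key )) {
            $dataType = "VALID_CERTIFICATE";
            $status   = gettext("Valid");
        } elsif ($db->getItem ( DATATYPE => "EXPIRED_CERTIFICATE", KEY => $key )) {
            $dataType = "EXPIRED_CERTIFICATE";
            $status   = gettext("Expired");
        } elsif ($db->getItem ( DATATYPE => "SUSPENDED_CERTIFICATE", KEY => $key )) {
            $dataType = "SUSPENDED_CERTIFICATE";
            $status   = gettext("Suspended");
        } elsif ($db->getItem ( DATATYPE => "REVOKED_CERTIFICATE", KEY => $key )) {
            $dataType = "REVOKED_CERTIFICATE";
            $status   = gettext("Revoked");
        } else {
            configError ( gettext ("Cannot determine status of this Certificate!"));
        }
    } else {
        configError (i18nGettext ("DataType not supported (__DATATYPE__)!",
                                  "__DATATYPE__", $dataType));
    }

    my $cert = $db->getItem( DATATYPE=>$dataType, KEY=>$key );
    configError( i18nGettext ("Error __ERRNO__, unable to get cert from dB! (__ERRVAL__)",
                              "__ERRNO__", $db->errno(),
                              "__ERRVAL__", $db->errval())) if( not $cert );
    my $parsedCert = $cert->getParsed();

    ## Certificate fields that are written into the page body.  They come
    ## from the CA's own database, but a subject containing '<' or '&'
    ## would otherwise break (or script) the page.
    my $cn_html     = _view_cert_html_escape($parsedCert->{DN_HASH}->{CN}[0]);
    my $issuer_html = _view_cert_html_escape($parsedCert->{ISSUER_HASH}->{O}[0]);
    my $role_html   = _view_cert_html_escape($parsedCert->{HEADER}->{ROLE});

    $hidden_list->{"cmd"}            = "";
    $hidden_list->{"GET_PARAMS_CMD"} = "";
    $hidden_list->{"passwd"}         = "";
    $hidden_list->{"key"}            = $key;
    $hidden_list->{"HIDDEN_key"}     = $key;
    $hidden_list->{"dataType"}       = $dataType;
    $hidden_list->{"dn"}             = $parsedCert->{DN};
    $hidden_list->{"new_dn"}         = "";
    $hidden_list->{"name"}           = "PUBLIC";
    $hidden_list->{"format"}         = "";
    $hidden_list->{"text"}           = "";
    $hidden_list->{"signature"}      = "";

    ## Links used by the (currently disabled, see libSendReply below)
    ## command panel.  These were single-quoted before, so the literal
    ## text '$dataType' ended up in the URL instead of its value.
    my $download = "";
    my $revoke   = "";
    my $ctype    = "";
    if ( $dataType =~ /CA_CERTIFICATE/i ) {
        $download = "?cmd=send_email_cert;type=ca;dataType=$dataType;key=" . $key_html;
        $ctype    = "ca";
    } else {
        $download = "?cmd=send_email_cert;type=email;dataType=$dataType;key=" . $key_html;
        $ctype    = "email";
        $revoke   = '?cmd=revoke_req;key=' . $cert->getSerial();
    }

    ## Summary card: install icon on the left, CN/issuer/expiry/profile
    ## table on the right, fingerprint underneath.
    my $text = "<table style='width: 500px;'>";
    $text .= "<tr><td style='padding: 10px;'>" .
             "<a href=\"$self?cmd=send_email_cert;type=$ctype;" .
             "dataType=$dataType;key=$key_html\" alt=\"" .
             gettext ("Install this Certificate" ) . "\">" .
             " <img src=\"" . getRequired('HtdocsUrlPrefix') .
             "/images/cert-icon.png\" alt='" .
             gettext("Install this Certificate") . "'/></a>" .
             "</td>";
    $text .= "<td>" ;
    $text .= " <table style='width: 400px;'>" .
             " <tr><td colspan='2' " .
             "style='font-size: 150%; font-style: bold;'>" .
             $cn_html . " [" . $cert->getSerial() . "]</td></tr>";
    $text .= " <tr><td style='color: #777;'>" .
             "Issued By:</td>" .
             " <td style='color: #777'>" .
             $issuer_html . "</td>";
    $text .= " </tr>";
    $text .= " <tr><td style='color: #777;'>" .
             "Expiration on:</td>" .
             " <td style='color: #777;'>" .
             $parsedCert->{NOTAFTER} . "</td></tr>";
    $text .= " <tr><td style='color: #777;'> " .
             "Profile:</td>" .
             " <td style='color: #777;'>" .
             $role_html . "</td></tr>";
    $text .= " <tr><td> </td>" .
             " <td style='font-size: 80%; color: #777;'>" .
             "<a href=\"$self?cmd=viewCertFull;dataType=$dataType;" .
             "key=$key_html\" >" .
             gettext ( "More Info" ) . "... </a></td></tr>";
    $text .= " </table>";
    $text .= "</td>";
    $text .= "</tr>";
    ## the closing tags were swapped (</tr></td>) in the old version
    $text .= "<tr><td colspan='2'><hr size='1' style='color: #fff;'/>" .
             "</td></tr>";
    $text .= "<tr><td colspan='2'>" . gettext ("Fingerprint" ) .
             ":<br/>" . $parsedCert->{FINGERPRINT} . "</td></tr>";
    $text .= "</table>";
    $info_list->{BODY}->[$info_pos++]->[1] = $text;

    #######################################
    ## here starts the filtered commands ##
    ## cmd_list                          ##
    #######################################
    $cmd_list->{HEAD}->[0] = gettext ("Operations");
    my $allow = libGetPermissionHash (getRequiredList ('CmdRefs_viewCert'));

    ## perhaps an operator want to have a look at the request
    if ($allow->{VIEW_CSR} and
        $parsedCert->{HEADER}->{CSR_SERIAL}
    ) {
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("CSR's Serial Number");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = "<a href=\"".
            "?cmd=viewCSR&dataType=ARCHIVED_REQUEST&key=".
            $parsedCert->{HEADER}->{CSR_SERIAL}."\">".
            "$parsedCert->{HEADER}->{CSR_SERIAL}</a>";
        $cmd_pos++;
    }

    ## download certs in different formats
    if ( $allow->{SENDCERT} and
         ($dataType =~ /(VALID|EXPIRED|SUSPENDED)/i)
    ) {
        my $select = "<select " .
            " class=\"Medium\" name=\"format_sendcert\">\n".
            "<option value=\"pem\">PEM</option>\n".
            "<option value=\"der\">CER</option>\n".
            "<option value=\"pem\">CRT</option>\n".
            "<option value=\"der\">DER</option>\n".
            "<option value=\"txt\">TXT</option>\n".
            "</select>\n";
        my $button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Download")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='sendcert';\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Certificate");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $select.$button;
        $cmd_pos++;
    }

    ## prepare download of private keys
    if ( $allow->{SEND_CERT_KEY} and
         $parsedCert->{KEY}
    ) {
        my $select = "<select name=\"format_send_cert_key\">\n".
            "<option value=\"openssl\">SSLeay (mod_ssl)</option>\n".
            "<option value=\"pkcs8\">PKCS#8</option>\n".
            "<option value=\"pkcs12\">PKCS#12</option>\n".
            "</select>\n";
        my $button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Download")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='getParams';GET_PARAMS_CMD.value='send_cert_key';\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Certificate and Keypair");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $select.$button;
        $cmd_pos++;

        ## Change passphrase
        my $change_button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Change")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='changePasswd'\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Change Passphrase");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $change_button;
        $cmd_pos++;

        ## Remove private key from DB
        my $remove_button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Remove")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='removeKey'\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Remove Key from database");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $remove_button;
        $cmd_pos++;
    }

    ## prepare the actualization of the LDAP
    if ( $allow->{LDAP} and
         (getRequired ('LDAP') =~ /y/i)
    ) {
        ## update cert on LDAP
        my $ldap_button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Add to LDAP")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='ldapAddCert'\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Add the certificate to LDAP");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $ldap_button;
        $cmd_pos++;

        ## update cert on LDAP with modified DN (now styled like its siblings)
        $ldap_button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Add to LDAP with modified DN")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='getParams';GET_PARAMS_CMD.value='ldapAddCertByName';\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Add the certificate to LDAP but with changed DN");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $ldap_button;
        $cmd_pos++;

        ## delete cert from LDAP
        $ldap_button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Delete from LDAP")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='ldapDeleteCert'\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Delete the certificate from LDAP");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $ldap_button;
        $cmd_pos++;

        ## delete cert from LDAP with modified DN
        $ldap_button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Delete from LDAP with modified DN")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='getParams';GET_PARAMS_CMD.value='ldapDeleteCertByName';\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Delete the certificate from LDAP but with changed DN");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $ldap_button;
        $cmd_pos++;
    }

    ## install on a token: end-entity certificates that are still usable
    if ($allow->{TOKENHANDLING} and
        not $parsedCert->{IS_CA} and
        $status ne gettext("Revoked") and
        $status ne gettext("Suspended")
    )
    {
        my $ra_button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Class=\"Medium\" " .
            "Value=\"".gettext("Install Certificate")."\" ".
            "onClick=\"cmd.value='getcert'\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Tokenhandling");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $ra_button;
        $cmd_pos++;
    }

    if ($allow->{MAIL}) {
        my $ra_button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Write a mail")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='writeCertMail'\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Send mail to the User");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $ra_button;
        $cmd_pos++;
    }

    ## set enrollment passphrase for certificate and private key on public gateway
    if ( $allow->{SET_PUBLIC_PASSWD} and
         $parsedCert->{KEY} and
         ($dataType =~ /(VALID|EXPIRED|SUSPENDED)/i)
    ) {
        my $button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Set passphrase")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='setPasswd';\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Set passphrase for key enrollment");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $button;
        $cmd_pos++;
    }

    if ( $allow->{DELETE_PUBLIC_PASSWD} and
         $parsedCert->{KEY} and
         ($dataType =~ /(VALID|EXPIRED|SUSPENDED)/i)
    ) {
        my $button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Delete passphrase")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='deletePasswd';\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Delete passphrase for key enrollment");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $button;
        $cmd_pos++;
    }

    ## revoke cert
    if ( $allow->{REVOCATION} and
         $status ne gettext("Revoked")
    )
    {
        my $ra_button = "<input ".
            "TYPE=\"Submit\" ".
            "Name=\"Submit\" ".
            "Value=\"".gettext("Revoke")."\" ".
            "Class=\"medium\" " .
            "onClick=\"cmd.value='revoke_req'\">";
        $cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Start Revocation");
        $cmd_list->{BODY}->[$cmd_pos]->[1] = $ra_button;
        $cmd_pos++;
    }

    if ($allow->{INSTALL_CERT}) {
        if ($dataType =~ /(VALID|EXPIRED|SUSPENDED)_CERTIFICATE/) {
            $cmd_panel->[0] =
                "<a href=\"".$download."\" onClick=\"alert('The Certificate will be installed under Other People Certificates Tab');\">".
                gettext("Install the certificate")."</a>";
            $cmd_panel->[1] =
                "<a href=\"".$revoke."\">".gettext("Revoke the certificate")."</a>";
        }
    }

    ## CMD_LIST / CMD_PANEL are assembled above but deliberately not sent;
    ## re-enable the two commented entries to show the operation buttons.
    return libSendReply (
        "NAME"        => i18nGettext ("__STATUS__ Certificate", "__STATUS__", $status),
        # "EXPLANATION" => gettext ("Following you can find the certificate details."),
        # "TIMESTAMP"   => 1,
        "INFO_LIST"   => $info_list,
        # "CMD_LIST"    => $cmd_list,
        # "CMD_PANEL"   => $cmd_panel,
        "HIDDEN_LIST" => $hidden_list
    );
}

## Escape the five HTML-significant characters so request-supplied or
## certificate-supplied text can be placed inside element content and
## inside single- or double-quoted attribute values.  Undef becomes the
## empty string (matching what plain concatenation produced before).
sub _view_cert_html_escape {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}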
1;
## OpenCA - Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
## (c) Copyright 2002-2004 The OpenCA Project
##
## File Name: send_email_cert
## Brief: send cert in PEM-format
## Version: $Revision: 1.2 $
## Description: this script is used to give the user a cert
## Parameters: key, dataType
use strict;
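sub cmdSend_email_cert {
    ## Stream one certificate from the database straight to the client.
    ##
    ## Query parameters, read through the framework global $query:
    ##   type     - email | user | ca selects the x-X509-<type>-cert MIME
    ##              type; txt returns a text/html dump; der returns DER.
    ##   key      - database key of the certificate ('serial' is accepted
    ##              as a legacy alias)
    ##   dataType - database data type, default VALID_CERTIFICATE
    ##
    ## Writes the HTTP header and body to STDOUT; nothing is returned.
    ## generalError() is assumed not to return.

    ## Version Information
    $VER = '2.1.01';
    $PRG = 'Certificates Send over HTTP';

    ##// Let's get parameters
    my $type     = $query->param('type');
    my $key      = ( $query->param('key') || $query->param('serial') );
    my $dataType = ( $query->param('dataType') || "VALID_CERTIFICATE" );
    $type = '' unless defined $type;

    ## Reject unusable input before touching the database.  Every data
    ## type name used on the viewCert side is upper-case letters and
    ## underscores; widen the pattern if a backend introduces other names.
    if ( not defined $key or $key eq '' ) {
        generalError (gettext ("Error, missing key!"));
    }
    if ( $dataType !~ /\A[A-Z_]+\z/ ) {
        generalError (gettext ("DataType not supported!"));
    }

    my $mimetype = "Content-type: application/x-X509-XXX-cert\n\n";
    my $cert;

    ## Now we must take different path for we can give certs for user/ca
    ## or whatever we want.  The match is anchored because $type is written
    ## into the HTTP header: the old /(email|user|ca)/ accepted any string
    ## merely containing one of those words, line breaks included.
    if ( $type =~ /\A(email|user|ca)\z/i ) {
        $mimetype =~ s/XXX/$type/g;
    }

    ## If we want the Text Version of the Certificate
    my $want_txt = ( $type =~ /txt/i );
    if ( $want_txt ) {
        $mimetype  = "Content-type: text/html\n\n";
        $mimetype .= "<PRE>\n";
    }

    ## fix the format: Internet Explorer gets DER.  The text dump is left
    ## alone; previously IE received DER bytes under the text/html header.
    ## NOTE(review): the user agent is fetched via $query->param; with a
    ## plain CGI.pm object that would be $ENV{HTTP_USER_AGENT} -- confirm
    ## how the framework exposes it.
    if ( not $want_txt and ( $query->param ("HTTP_USER_AGENT") || '' ) =~ /IE/i ) {
        $type = "DER";
    }

    ## Get the certificate from the DB
    if ( $cert = $db->getItem(DATATYPE=>$dataType, KEY=>$key ) ) {
        print $mimetype;
        if ( $want_txt ) {
            print $cert->getTXT();
        } elsif ( $type =~ /der/i ) {
            ## DER is binary; make sure no I/O layer re-encodes it
            binmode STDOUT;
            print $cert->getDER();
        } else {
            print $cert->getPEM();
        }
    } else {
        generalError (gettext ("Cannot load certificate from the database!"));
    }
}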
1;
smime.p7s
Description: S/MIME Cryptographic Signature
