I have my own CA that I use for my mail/web/openldap/etc server. I generated a CA cert, and used this to sign a certificate for the server daemons. All has generally gone well, until I've wanted to use KAddressBook to grab addresses off of my LDAP server. It complains that verification of the certificate failed when it tries to connect with TLS or SSL.
I have gpg 1.9 installed (using Gentoo; it's slotted alongside 1.4), and gpg-agent, watchgnupg, Kleopatra, etc. all work fine. However, while I've been able to import my CA certificate and private key and have verified it by adding the appropriate line to trustlist.txt, I cannot seem to import the server certificate that it signed. I continually get the following message:

5 - 2006-03-23 16:58:30 gpgsm[27069]: self-signed certificate has a BAD signature: Bad signature
5 - 2006-03-23 16:58:30 gpgsm[27069]: basic certificate checks failed - not imported

OpenSSL will verify the certificate:

[EMAIL PROTECTED] ~ $ openssl verify -CAfile /etc/ssl/certs/My_CA.pem ./server.crt
server.crt: OK

And if I re-verify the CA certificate with gpgsm, through Kleopatra, logging level Basic (here's hoping I'm not giving out any information I didn't want to be giving out :-) ):

5 - 2006-03-23 17:21:45 gpg-agent[26852.0x80882b0] DBG: <- OPTION lc-messages=en_US.utf8
5 - 2006-03-23 17:21:45 gpg-agent[26852.0x80882b0] DBG: -> OK
5 - 2006-03-23 17:21:45 gpg-agent[26852.0x80882b0] DBG: <- HAVEKEY AEDB2E87FEF060315E94B85A187ADB8B147E5D95
5 - 2006-03-23 17:21:45 gpg-agent[26852.0x80882b0] DBG: -> OK
5 - 2006-03-23 17:21:45 gpg-agent[26852.0x80882b0] DBG: <- ISTRUSTED F4B09616C152F40095ECE57792CAEF68569207FD
5 - 2006-03-23 17:21:45 gpg-agent[26852.0x80882b0] DBG: -> OK
4 - 2006-03-23 17:21:45 gpgsm[27300]: no running dirmngr - starting one
[client at fd 6 connected]
6 - 2006-03-23 17:21:45 dirmngr[27301]: permanently loaded certificates: 0
6 - 2006-03-23 17:21:45 dirmngr[27301]: runtime cached certificates: 0
6 - 2006-03-23 17:21:45 dirmngr[27301.0x8081538] DBG: -> OK Dirmngr 0.9.3 at your service
4 - 2006-03-23 17:21:45 gpgsm[27300]: DBG: connection to dirmngr established
6 - 2006-03-23 17:21:45 dirmngr[27301.0x8081538] DBG: <- ISVALID 368B186305A2CD33AE58546032

As you can see my CA certificate is trusted, and I've imported the secret key. I do not have a CRL imported, but I don't think that matters.

Now, the relevant parts of the output, logging level guru, when I try to import the certificate signed by my CA:

4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: -> OK
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: <- OPTION ttyname=/dev/pts/2
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: -> OK
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: <- OPTION ttytype=xterm
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: -> OK
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: <- OPTION lc-ctype=en_US.utf8
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: -> OK
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: <- OPTION lc-messages=en_US.utf8
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: -> OK
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: <- INPUT FD=13
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: -> OK
4 - 2006-03-23 17:25:35 gpgsm[27314.0x8081a58] DBG: <- IMPORT
4 - 2006-03-23 17:25:35 gpgsm[27314]: DBG: signature value: 28 37 3A 73 69 67 2D 76 61 6C 28 33 3A 72 73 61 28 31 3A 73 31 32 38 3A 6D 41 FD BA B2 9A 80 FC C3 1C 80 CA 3A 91 58 69 57 86 7F EA 4D 43 17 82 B5 AD B5 12 27 AB 2E 19 CE 28 80 1B 06 A4 A3 B7 0C 65 34 11 3A 64 E5 E4 6B AB FB 7C 9B 20 2C 72 DA C6 BC F2 FB 44 D0 33 5E D0 80 9E 51 B7 93 45 2E F1 E3 39 DE 57 EC 91 B2 78 FE DC A0 6A E6 E9 40 C8 F7 7D C7 72 52 AC AA 26 AC F5 1D C3 95 C2 47 7C 1F 60 B3 14 77 D8 68 58 50 10 95 A4 89 E0 44 6A 4A 8B A4 BE 23 CD 29 29 29
4 - 2006-03-23 17:25:35 gpgsm[27314]: DBG: encoded hash: 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 30 20 30 0C 06 08 2A 86 48 86 F7 0D 02 05 05 00 04 10 56 6B 1C C4 5E 93 92 4C ED 67 7C 04 F1 32 DE 01
4 - 2006-03-23 17:25:35 gpgsm[27314]: DBG: gcry_pk_verify: Bad signature
4 - 2006-03-23 17:25:35 gpgsm[27314]: self-signed certificate has a BAD signature: Bad signature
4 - 2006-03-23 17:25:35 gpgsm[27314]: DBG: BEGIN Certificate `self-signing ce

I have no idea what's going on...I hope somebody can help!

Thanks,
Jeff
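
For readers following the log, the "encoded hash" line that gpgsm prints before gcry_pk_verify can be decoded by hand. The following is an added example, not part of the original post or of GnuPG: it assumes the dump is a PKCS#1 v1.5 type-1 block (00 01, FF padding, 00, DER DigestInfo), and the function names are hypothetical.

```python
# Added example: decode a gpgsm "encoded hash" debug dump.
# Assumed layout (EMSA-PKCS1-v1_5): 00 01 FF..FF 00 DigestInfo.

# Bytes as shown in the log above; the FF padding run is written as a repeat.
ENCODED_HASH = (
    "00 01 " + "FF " * 91 +
    "00 30 20 30 0C 06 08 2A 86 48 86 F7 0D 02 05 05 00 04 10 "
    "56 6B 1C C4 5E 93 92 4C ED 67 7C 04 F1 32 DE 01"
)

KNOWN_DIGESTS = {
    "1.2.840.113549.2.5": "md5",
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}

def read_tlv(buf, pos, tag):
    """Read one short-form DER TLV; return (value, next_pos)."""
    if buf[pos] != tag or buf[pos + 1] & 0x80:
        raise ValueError(f"unexpected DER header at offset {pos}")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated TLV")
    return buf[pos + 2:end], end

def decode_oid(body):
    """Turn DER OID content bytes into dotted-decimal text."""
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def decode_encoded_hash(hex_dump):
    """Return (block_len, digest_name, digest_hex) for an 'encoded hash' dump."""
    em = bytes.fromhex(hex_dump)
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("not a PKCS#1 v1.5 type-1 block")
    info, end = read_tlv(em, sep + 1, 0x30)   # DigestInfo SEQUENCE
    if end != len(em):
        raise ValueError("trailing bytes after DigestInfo")
    alg, pos = read_tlv(info, 0, 0x30)        # AlgorithmIdentifier
    digest, _ = read_tlv(info, pos, 0x04)     # OCTET STRING holding the digest
    dotted = decode_oid(read_tlv(alg, 0, 0x06)[0])
    return len(em), KNOWN_DIGESTS.get(dotted, dotted), digest.hex()

print(decode_encoded_hash(ENCODED_HASH))
```

The block length matches the 128-byte RSA value in the "signature value" line (the `s128:` prefix), and the digest name comes from the OID inside the DigestInfo.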
