We use MyProxy server with Simple CA to issue user credentials, and we wanted to 
use the certificate_issuer_subca_certfile option to add the certificate of the 
Simple CA to the certificate chain sent by the MyProxy server. Unfortunately, the 
option causes the following error:

Jun 11 13:36:34 auth1 myproxy-server[17900]: Error parsing certificate chain
error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large
error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large
error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large
error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large
error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large
error:0906D06C:PEM routines:PEM_read_bio:no start line
Failed to load sub-CA certs from file (/var/lib/myproxy/.globus/simpleCA/cacert.pem)!
CA failed to generate certificate


We are using Ubuntu Oneiric.
root@ca:~# openssl version
OpenSSL 0.9.8k 25 Mar 2009
root@ca:~#

The version we are running is:
root@auth1:/var/log# myproxy-server --version
myproxy-server version MYPROXYv2 (v5.5 5 Sep 2011 PAM OCSP)
root@ca:~# ldd /usr/local/globus-5.0.3/sbin/myproxy-server
        linux-vdso.so.1 =>  (0x00007fff02dff000)
        libmyproxy_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libmyproxy_gcc64dbg.so.0 (0x00007f7aa91d0000)
        libpam.so.0 => /lib/libpam.so.0 (0x00007f7aa8fb1000)
        libglobus_gss_assist_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_gss_assist_gcc64dbg.so.0 (0x00007f7aa8da1000)
        libglobus_gssapi_gsi_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_gssapi_gsi_gcc64dbg.so.0 (0x00007f7aa8b7a000)
        libglobus_gsi_proxy_core_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_gsi_proxy_core_gcc64dbg.so.0 (0x00007f7aa8966000)
        libglobus_gsi_credential_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_gsi_credential_gcc64dbg.so.0 (0x00007f7aa8752000)
        libglobus_gsi_callback_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_gsi_callback_gcc64dbg.so.0 (0x00007f7aa8546000)
        libglobus_oldgaa_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_oldgaa_gcc64dbg.so.0 (0x00007f7aa833b000)
        libglobus_gsi_sysconfig_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_gsi_sysconfig_gcc64dbg.so.0 (0x00007f7aa812c000)
        libglobus_gsi_cert_utils_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_gsi_cert_utils_gcc64dbg.so.0 (0x00007f7aa7f25000)
        libglobus_usage_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_usage_gcc64dbg.so.0 (0x00007f7aa7d20000)
        libglobus_openssl_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_openssl_gcc64dbg.so.0 (0x00007f7aa7b1c000)
        libglobus_xio_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_xio_gcc64dbg.so.0 (0x00007f7aa78a0000)
        libglobus_openssl_error_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_openssl_error_gcc64dbg.so.0 (0x00007f7aa769a000)
        libglobus_callout_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_callout_gcc64dbg.so.0 (0x00007f7aa7494000)
        libglobus_proxy_ssl_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_proxy_ssl_gcc64dbg.so.0 (0x00007f7aa728e000)
        libglobus_common_gcc64dbg.so.0 => /usr/local/globus-5.0.3/lib/libglobus_common_gcc64dbg.so.0 (0x00007f7aa7044000)
        libltdl_gcc64dbg.so.3 => /usr/local/globus-5.0.3/lib/libltdl_gcc64dbg.so.3 (0x00007f7aa6e39000)
        libm.so.6 => /lib/libm.so.6 (0x00007f7aa6bb6000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007f7aa69b2000)
        libssl.so.0.9.8 => /lib/libssl.so.0.9.8 (0x00007f7aa675f000)
        libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8 (0x00007f7aa63cf000)
        libc.so.6 => /lib/libc.so.6 (0x00007f7aa604c000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f7aa5e12000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f7aa9411000)
        libz.so.1 => /lib/libz.so.1 (0x00007f7aa5bfa000)
root@auth1:/var/log#


There is no problem reading the CA certificate with openssl.

Has anybody experienced such a problem with the 
certificate_issuer_subca_certfile option?

Thanks,
Lukasz
