Dear friends,
I'm getting an error verifying the trust in CA due to OpenSSL.I have created
using SimpleCA a CA and install its files in my clients without any problems.
However, one of my clients can't verify the CA hash because it is taking the CA
hash as if it was using the old OpenSSL version which used other hash type. I
mean,My CA has the following hash (which is created with OpenSSL 1.0.0e):
c03c42acHowever, after installing it in the client (Ubuntu 11.10) and try to
use "grid-proxy-init -debug -verify" it can't verify it as it says it can't
find trust in the CA with hash a784f43d.
I checked that the hash is asking me for is the same hash but calculated with
the old OpenSSL version of my CA:openssl x509 -hash -noout <
/etc/grid-security/certificates/c03c42ac.0-> c03c42acopenssl x509
-subject_hash_old -noout < /etc/grid-security/certificates/c03c42ac.0-> a784f43d
I don't know how to solve this. I found a tool that converts old hash files
into new hash files (http://www.cilogon.org/openssl1) but mines are already the
new ones so it makes no change and the error remains. I have tried to uninstall
libssl0.9.8 but it uninstalls grid-proxy-utils as well and if reinstall the
package it installs libssl0.9.8.What can I do to avoid this problem?
Thanks in advance!
Asier
