Hello Michael,

> Put the PKCS#10 request with the header and the signature together,
> copy it into the DATA column of the request table and set the status
> column to APPROVED.

Yes, that is what I'm actually doing, and changing
PKCS#10 to PKCS#10 with PKCS#7 Signature.

But OpenCA doesn't verify the signature correctly so,
as Dalini told me before, maybe it's a problem related
to CR/LF.

When I see the "approved" CSR in the CA, the error from
the Signature Error is:

Error 560
General Error. Signature Object not returned, check
the openca-verify command. Cannot build PKCS#7-object
from extracted signature!
OpenCA::PKCS7 returns errorcode 7911031
(OpenCA::PKCS7->new: Cannot initialize signature
(7912021). OpenCA::PKCS7->initSignature: Cannot parse
signature (7921021). OpenCA::PKCS7->getParsed: The
crypto-backend cannot verify the signature (7742075).
OpenCA::OpenSSL->verify: openca-sv failed. [Error]:
Digest mismatch. Signature is wrong.
[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
[Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
depth:1 serial:00
subject:[EMAIL PROTECTED],CN=camanager,OU=Internet,O=certicamara,C=CO
depth:0 serial:03
subject:serialNumber=3,CN=radmin,OU=Internet,O=Certicamara,C=CO
[Info]: Signature is corrupt. Errorcode -1.
signature:error:-1
)..
 

> This is what approveCSR does. You have to verify of course that OpenCA
> can verify your signatures. I don't recommend you to try to use
> approveCSR because this command only works inside of the complete
> OpenCA server framework.
>
> Michael
> -- 
> _______________________________________________________________
>
> Michael Bell
> Humboldt-Universitaet zu Berlin
>
> Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
> Fax:  +49 (0)30-2093 2704       Unter den Linden 6
> [EMAIL PROTECTED]   D-10099 Berlin
> _______________________________________________________________

> ATTACHMENT part 2 application/x-pkcs7-signature name=smime.p7s
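
The CR/LF hypothesis raised in the message above can be checked offline by hashing the stored request under each line-ending form and comparing against the digest carried in the signature. This is an added example, not part of the original message and not OpenCA code; the function names, the SHA-1 default and the sample data are assumptions, and it presumes the signed digest has already been extracted from the PKCS#7 object.

```python
import hashlib

def variants(stored: bytes) -> dict[str, bytes]:
    """Byte forms the signer may have hashed, rebuilt from the stored copy."""
    text = stored.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    lines = text.rstrip(b"\n").split(b"\n")
    out = {"as stored": stored}
    for eol_name, eol in (("LF", b"\n"), ("CRLF", b"\r\n")):
        body = eol.join(lines)
        out[f"{eol_name}, no trailing newline"] = body
        out[f"{eol_name}, trailing newline"] = body + eol
    return out

def find_signed_form(stored: bytes, signed_digest_hex: str,
                     algo: str = "sha1") -> list[str]:
    """Names of the variants whose digest equals the digest in the signature."""
    want = signed_digest_hex.strip().lower()
    return [name for name, blob in variants(stored).items()
            if hashlib.new(algo, blob).hexdigest() == want]

# Constructed sample data: placeholder lines, not a real request or header.
SIGNED = b"\r\n".join([
    b"(constructed header line)",
    b"-----BEGIN CERTIFICATE REQUEST-----",
    b"(constructed placeholder body)",
    b"-----END CERTIFICATE REQUEST-----",
    b"",
])
# What the signer hashed (stands in for the digest taken from the signature).
DIGEST = hashlib.sha1(SIGNED).hexdigest()
# What ended up in the DATA column after CRLF was converted to LF in transit.
STORED = SIGNED.replace(b"\r\n", b"\n")

if __name__ == "__main__":
    matches = find_signed_form(STORED, DIGEST)
    print("stored copy verifies as-is:", "as stored" in matches)
    print("forms that match the signed digest:", matches)
```

If "as stored" is absent from the result but another variant is listed, the request bytes were altered between signing and storage, and the listed form is the one to write into the table. An empty list means the mismatch is not a line-ending problem.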