I have some experience of this, but no time to discuss now. I shall write more on Monday morning.
Chris... > Hi > > I've such problem. Installed openca 0.9.2 > Installed openssl-0.9.7 > > Configured openssl and openca. Right know when > i'm starting openca i have to login to Luna so > this is fine. > > Right now i have a problem witch is: > Generate new CA secret key (from openca menu) <- schould i create it if > my secret key is on LunaCa3 ? > Anyway i'm creating it and it is in DER format,but couldn't be > read in any way > > /usr/luna_ssl/bin/openssl rsa -engine LunaCA3 -inform DER > -in /usr/local/pki/var/crypto/keys/cakey.pem -text > ofcourse i'm login in this session to Luna and have initialized token. > > engine "LunaCA3" set. > unable to load Private Key > 1679:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad > tag:a_set.c:179: > 1679:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong > tag:tasn_dec.c:939: > 1679:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error:tasn_dec.c:304:Type=RSA > 1679:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 > lib:d2i_pr.c:96: > > If i try to read it as a PEM i got inform that there is iqmp missing. > And also when trying to do req (from openca Administrative) i also got > error. > First i'm executing this command from web > > req -new -config /usr/local/pki/etc/openssl/openssl.cnf -subj > "/C=PL/O=BLA/OU=Pixel Technology/CN=BLE/[EMAIL PROTECTED]" > -engine LunaCA3 -keyform PEM > -key /usr/local/pki/var/crypto/keys/cakey.pem > -out /usr/local/pki/var/crypto/reqs/careq.pem > > and got this error > OpenCA::OpenSSL->genReq: Cannot execute command (7777067). engine > "LunaCA3" set. > unable to load Private Key > 1928:error:0D078079:asn1 encoding routines:ASN1_ITEM_EX_D2I:field > missing:tasn_dec.c:391:Field=iqmp, Type=RSA > 1928:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 > lib:d2i_pr.c:96: > 1928:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 > lib:pem_pkey.c:117: > error in req > > I've try to google something without success. Waiting for help. > > Rastlin > > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ OpenCA-Devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-devel
