Hello All,

I have big troubles getting the "token request" option to work.

I have got an Axalto Cryptoflex 32k e-gate token (using opensc/ct).
Directly using opensc/openSSL commands works fine. Also, Mozilla detects
my token ok and I am able to use it for mutual authentication.
In OpenCA, I can use this token to generate the keypair during an
automatic browser detection request.

Now I want to import a certificate and a keypair generated with OpenCA
on this token.

So, on the pub interface, I use the "Token Request" option and fill in
the requested info for the RA Operator. Then, I have got the following
message:
        Error 690
        Configuration error. Missing configuration key: DN_TYPE_token_KEYGEN_MODE
The problem is already documented here by another user:
http://sourceforge.net/mailarchive/message.php?msg_id=10220380

The default config in the TOKEN section is
DN_TYPE_TOKEN_BODY "NO"
to be compared to the following, in the BASIC section
DN_TYPE_BASIC_BODY "YES"
DN_TYPE_BASIC_KEYGEN_MODE  "SERVER"

I understand the DN_TYPE_TOKEN_BODY "NO" because the user does not create
a complete CSR but just sends info to the RA for a token request.
But as long as I do not add DN_TYPE_BASIC_KEYGEN_MODE  "XXX", I won't
get any further.

So I made several attempts adding a DN_TYPE_TOKEN_KEYGEN_MODE  "XXX"
line, with XXX being "TOKEN", "BASIC", "SERVER" or "SPKAC"
Then, I am able to send a "request" whose type is "HEADER".

On the RA side, I see the "Generate Private Key" option, but it
fails every time with the following message:
"Error 690
Configuration Error. Missing Configuration Keyword(s) :
DN_TYPE_SPKAC_SUBJECTALTNAMES."

The error may come from the fact that I simply do not have a body for my
request and the RA is searching for one because of the KEY_MODE I had.

Any hint would be very welcome as I am stuck right now.


Another thing: I need some clarification on the token.xml file.
I want to be able to import certs on the token but I don't want to use
my token as a CA token (that is, having my CA key on the token).
Do I nevertheless need to configure the config.xml (using CA opensc
token conf instead of CA openssl default token)?

I think the token thing would need further explanation in the OpenCA
guide, because it seems that I am not the only person a bit lost there.

Regards,
Pierre

Using Debian Sarge
OpenCA 0.9.2.1
OpenSSL 0.9.7e-2



