Hello Michael,
>How do you get this CRIN? Via encrypted email?
>
Yes, via encrypted email.
>
> I cannot get this hash from OpenSSL neither with
> 1111111111 nor with
> TMS... I also tried it with trailing newline and
> without.
What if the CSR is made without PIN?
>
> > PIN in clear text:
> > 1111111111 (1 10 times)
>
I'm sorry, I didn't use a PIN to make this CSR, so
passwd1 =
passwd2 =
Are empty when requesting the certificate. but that
wouldn't be important when requesting the CRR, right?
cause with the explanation you have just given me, I
only use the CRIN and that hashed CRIN should match
the PIN in the header of cert
> 1. What does the value be of USE_REQUEST_PIN in
> ca.conf?
USE_REQUEST_PIN NO
> 2. PIN in the header of the request is the sha1 hash
> of the PIN.
> 3. PIN in the header of the cert is the sha1 hash of
> the CRIN.
mmmm, I don't know why this is different from what
openssl gives me in the console :-(
> 4. If USE_REQUEST_PIN=YES then the two PINs in the
> headers are identical.
I'm using only one db for all pki stuff (online,
offline, ldap, etc) does it has any consequences in
those results?
I'm going to make another new complete test :-)
What do you think?
thanks a lot,
Johnny
______________________________________________
Renovamos el Correo Yahoo!
Nuevos servicios, más seguridad
http://correo.yahoo.es
-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
