Dear List,
we have encountered an error while trying to revoke a web server certificate that was created/signed 'by hand' with openssl, not with OpenCA. Details:
OpenCA 0.9.2.1 running on debian/unstable with perl 5.8.4, openssl/libssl 0.9.7e-2 and apache 1.3.33-2. The error message is:
Error 6841
General Error Error while revoking Certificate!
OpenCA::OpenSSL returns errorcode 7732073 (OpenCA::OpenSSL->revoke: OpenSSL failed (7777067). Using configuration from /usr/local/pki/openca-0.9.2.1/OpenCA/etc/openssl/openssl.cnf
DEBUG[load_index]: unique_subject = "yes"
ERROR:name does not match /C=**/O=**********/OU=*********/CN=***.****.**
error in ca).
(The DN above was blanked out intentionally, it DOES match the DN in the cert!)
Although the cert was not created with OpenCA, it seemed to work fine, you could see it in the db, check its validity etc. Curiously, the certificate contained the private key as well - this was seemingly the only difference between this certificate and other server certificates issued by OpenCA. Truncating the certificate (removing the private key from the end) has not helped though...
Any ideas? Thanks in advance, Cheers
Szabolcs
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
