Massimiliano Pala wrote:
>
> Bernd Schmitt wrote:
>
> > I've the same problem. After reading this mail I installed openssl-SNAP-20010613.
> > Now I get the following error in my webserver errlog, when I tried to generate a\
> > CA Cert Request.
> >
> > ----------------------------------snip-----------------------------------
> > Generating RSA private key, 2048 bit long modulus
> > .................+++
> > ..............................................................................+++
> > unable to write 'random state'
> > e is 65537 (0x10001)
> > Using configuration from /usr/local/OpenCA/conf/openssl/openssl.cnf
> > Enter pass phrase for /usr/local/OpenCA/private/cakey.pem:
> > aborted!
> > unable to load Private Key
> > 15960:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:430:
> > Can't call method "getTXT" on an undefined value at cmds/genCAReq line 70, <FD>
>line 32.
> > Compilation failed in require at /usr/local/httpd/cgi-bin/cgi-ca/ca line 160, <FD>
>line 32.
> > -----------------------------------snap-----------------------------------
>
> This error seems to be more openssl-related than openca, at least if nothing
> major have been modified in parameters handling (-passin ??? ). To be checked.
> If you find it working with another SNAP (previous or future) please report
> it to the list...
I tried now the newest SNAP (20010619) and things become even more worse. Now it's no
more possible to generate a new secret key. The WWW log looks like that:
-------------------------------------snip---------------------------
Generating RSA private key, 2048 bit long modulus
....................+++
......+++
unable to write 'random state'
e is 65537 (0x10001)
Enter pass phrase for /usr/local/OpenCA/private/cakey.pem:
User interface error
4763:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:pem_lib.c:366:
-----------------------------------snap---------------------------------
and the browser shows:
-----------------------------------snip---------------------------------
Following you can find the result of the generation process. genSKey
ERROR:
------------------------------------snap---------------------------------
Older openssl SNAPS are not aviable. What to do now for starting testing
openca v 0.8 ? Is it possible, to provide a set of patches for openssl which
will work with openca-0.8 ? Or do you have a working SNAP of openssl ?
>
> > I'am testing pre0.8 (10.6.2001). Another Problem i've seen when requesting a
> > certificat (netscape request). This was not on the pre-0.8 version before.
> > -----------------------------snip--------------------------------
> > Content-type: text/html
> >
> > Software error:
> >
> > Can't use string ("VALUE="client-filled-form"") as a HASH ref while "strict refs"
>in use at
> > /usr/lib/perl5/site_perl/5.6.0/OpenCA/TRIStateCGI.pm line 147.
> > -----------------------------snap--------------------------------
> >
> > This failure is seen in the browser window. In the webserver logs is shown nothing.
>
> Try updating the OpenCA-TRIStateCGI to the last version. It could be an error
> related to the way the CGI.pm module has changed in perl 5.6.1 -- let me know
> versions of PERL and TRISTateCGI used (and OS).
My first trials where made on a SuSE 7.1 System. But after updating to SuSE 7.2
there was no difference. Perl version on both installations is 5.6.0 and TRISTateCGI
is
version 1.5.4.
Installing TRISTateCGI 1.5.3 on the same openca-0.8-SNAP gives the same failure.
>
> --
>
> C'you,
>
> Massimiliano Pala
>
> --o-------------------------------------------------------------------------
> Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> http://www.openca.org Tel.: +39 (0)59 270 094
> http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
Regards - Bernd
--
Bernd Schmitt
saardata GmbH
SD/B
Hafenstr. 25
66111 Saarbruecken
Tel: +49 (0)681 405-2457
Fax: +49 (0)681 405-1073
mailto:[EMAIL PROTECTED]
http://www.saardata.de
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/openca-users
