Chris, Chris,
I think you got some permition problem. Check permition of your OpenCA directory (usually under /usr/local/OpenCA - Unix). It appear that your web server user (ex. apache or http) does not have rights to write to the directory. I hope this will help. Zoran -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Crowley Sent: Thursday, January 17, 2002 3:57 PM To: [EMAIL PROTECTED] Subject: [Openca-Users] Back to trying to get 0.8.1 working. Configuration Information: OpenCA (CA Manager Version 0.7.30) ------------------------------------------------------------------------ ---- ---- Module Version OpenSSL 0.8.58 Tools 0.4.3a DB 1.02 Configuration 1.5.2a TRIStateCGI 1.5.4 REQ 0.7.41 X509 0.9.15 CRL 0.7.61 PKCS7 0.4.21a ------------------------------------------------------------------------ ---- ---- I am going through the initialization process on CA server. I am able to do the following steps without errors: 1. Initialize Database 2. Generate new CA secret key; 3. Generate new CA Certificate Request (use generated secret key); 4. Export CA Certificate Request; But, when I try to: 5. Generate Self Signed CA Certificate (from altready generated request); I see this error in the error log: make: *** get{e}[gu]id: Operation not permitted. Stop. But, on the webpage the certificate appears to be generated (see certificate contents below). The next two initialization steps appear to function, but produce the same make error in the log. 6. Export CA certificate; 7. Import CA certificate ( approved by Root CA ); And finally Rebuild CA Chain fails 8. Rebuild CA Chain; Error 512 General Error. Error while rebuilding the CA chain in /usr/local/OpenCA/chain! rebuildChain make: *** get{e}[gu]id: Operation not permitted. Stop. Some additional data follows, which may be useful. Perhaps I need to completely clean all installed OpenCA contents, and try again. But if you have experienced this same problem, and were able to correct it without this step, please tell me how. Thanks in Advance, Chris <certificate contents> Following you can find the result of the generation process. Old certificate file is (private/cacert_13590.pem) Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: [EMAIL PROTECTED], O=Tulane University Test CA, C=US Validity Not Before: Jan 17 20:46:58 2002 GMT Not After : Jan 17 20:46:58 2004 GMT Subject: [EMAIL PROTECTED], O=Tulane University Test CA, C=US Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ae:20:e7:33:9d:97:ce:87:4d:ed:34:3d:af:a6: 6e:9a:7f:21:a8:48:e3:e3:34:bd:a4:18:7f:57:95: 2e:33:4e:33:10:cf:d0:5d:2d:e0:7d:fc:fb:e2:8d: 1f:cb:34:f5:c6:d1:86:6d:ed:4c:40:d8:53:b1:04: 6f:3d:c1:a9:42:60:83:15:74:54:b5:f1:fb:19:60: 95:24:d1:56:12:26:e5:00:6f:cf:66:76:71:85:90: b9:76:49:9e:1d:91:c5:62:4c:73:4d:b2:8a:51:e5: a9:19:ac:eb:d0:be:46:6d:05:d5:92:51:5a:b3:57: 94:b6:98:a8:08:03:23:31:87:6d:20:9f:80:40:8a: 43:69:f2:c2:21:a7:2e:47:a2:f2:e7:d6:99:14:40: 03:44:a7:f2:3c:9a:fa:08:12:92:d5:a9:3e:ca:24: 6c:db:13:80:3c:31:c7:8c:f7:81:7a:ff:47:af:69: d9:fa:bd:01:62:5b:01:5e:32:bf:1e:e6:66:a7:a3: 8c:17:11:9e:e0:1d:dc:42:52:00:1b:6d:49:1a:5e: a4:32:ad:d6:43:52:08:84:1b:b8:e0:22:97:91:84: ff:14:53:cd:8d:c6:6b:68:7d:da:6b:d0:04:75:f0: cb:12:05:0e:1c:73:b5:93:70:69:b8:f8:98:78:02: 2e:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 32:34:F3:CB:F5:0E:D0:4F:39:15:D7:70:C6:DF:28:17:58:41:FD:18 X509v3 Authority Key Identifier: keyid:32:34:F3:CB:F5:0E:D0:4F:39:15:D7:70:C6:DF:28:17:58:41:FD:18 X509v3 Key Usage: critical Digital Signature, Non Repudiation, Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Subject Alternative Name: URI:http://ca.tcs.tulane.edu/ X509v3 Issuer Alternative Name: URI:http://ca.tcs.tulane.edu/ Authority Information Access: CA Issuers - URI:http://ca.tcs.tulane.edu/ca/ca.html X509v3 CRL Distribution Points: URI:http://ca.tcs.tulane.edu/cgi-bin/getcrl Signature Algorithm: md5WithRSAEncryption a0:bf:82:fc:0f:39:1a:f8:59:32:34:95:51:40:ff:37:66:1d: 5f:2e:81:56:39:93:65:61:fc:ef:47:ea:8a:0f:6f:21:dc:e4: a8:53:04:db:ab:1d:59:1a:f1:ac:da:20:1b:f1:bf:29:d4:cb: c4:07:f3:f1:72:e9:33:78:73:6b:61:ad:b0:88:e1:b1:45:b1: fe:bb:d5:5e:0f:b5:4b:82:48:7e:f7:5f:82:93:7c:86:1e:a2: eb:12:44:73:d0:20:eb:f4:33:ab:30:2a:c7:3e:2f:9e:e8:c7: 08:e4:d7:98:11:f8:90:98:0c:c4:06:da:00:9e:cc:ee:50:52: c1:59:d9:be:50:f9:7c:ea:19:5b:a5:9f:46:ee:57:ee:57:da: 1c:cf:80:5a:cc:44:58:a0:2e:74:62:02:8a:a7:8a:b0:7e:9a: a9:bb:39:b4:06:80:23:eb:5b:14:6a:db:e1:94:fa:ec:b4:07: 1f:d5:94:62:f7:68:08:42:33:83:42:f3:8e:95:12:ec:85:46: d0:0d:96:df:6a:26:66:3a:69:f2:d2:b6:5c:f5:98:25:ba:dc: e7:54:77:45:da:41:7c:81:d2:31:41:5e:8d:3a:2e:3a:4e:62: 3c:b4:3d:c2:24:5d:39:9b:58:d7:76:d6:88:d6:8d:7b:ba:7e: ff:75:60:58 </certificate contents> <transcript from /usr/local/apache/logs/openca-error_log> Generating RSA private key, 2048 bit long modulus ...................+++ ............................+++ e is 65537 (0x10001) No value provided for Subject Attribute CN, skipped No value provided for Subject Attribute OU, skipped make: *** get{e}[gu]id: Operation not permitted. Stop. make: *** get{e}[gu]id: Operation not permitted. Stop. make: *** get{e}[gu]id: Operation not permitted. Stop. General Error Trapped 512: Error while rebuilding the CA chain in /usr/local/OpenCA/chain!<BR><BR><FONT SIZE=-1>rebuildChain<BR>make: *** get{e}[gu]id: Operation not permitted. Stop. </FONT><BR> at lib/misc-utils.lib line 71. Compilation failed in require at /usr/local/apache/cgi-ca/ca line 169. </transcript> _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
