Dne p� 19. duben 2002 23:27 jste napsal(a): > This is the error I would get if the service email account wasn't > configured: > > Error 690 > Configuration Error. You must specify at minimum a mail account for the > CA (SERVICE_MAIL_ACCOUNT)!. > > This is something else: > > Error 700 > General Error. Cannot encrypt PIN-mail! Aborting! > > This is what I get in error.log of apache: > > Using configuration from /usr/local/OpenCA/etc/openssl/openssl.cnf > Using configuration from /usr/local/OpenCA/etc/openssl/openssl.cnf > Using configuration from /usr/local/OpenCA/etc/openssl/openssl.cnf > unknown option -pubkey > req [options] <infile >outfile > where options are > -inform arg input format - DER or PEM > -outform arg output format - DER or PEM > -in arg input file > -out arg output file > -text text form of request > -noout do not output REQ > -verify verify signature on REQ > -modulus RSA modulus > -nodes don't encrypt the output key > -engine e use engine e, possibly a hardware device > -subject output the request's subject > -passin private key password source > -key file use the private key contained in file > -keyform arg key file format > -keyout arg file to send the key to > -rand file:file:... > load the file (or the files in the directory) into > the random number generator > -newkey rsa:bits generate a new RSA key of 'bits' in size > -newkey dsa:file generate a new DSA key, parameters taken from CA in > 'file' > -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4) > -config file request template file. > -subj arg set or modify request subject > -new new request. > -batch do not ask anything during request generation > -x509 output a x509 structure instead of a cert. req. > -days number of days a certificate generated by -x509 is valid > for. > -set_serial serial number to use for a certificate generated by > -x509. > -newhdr output "NEW" in the header lines > -asn1-kludge Output the 'request' in a format that is wrong but some > CA's > have been reported as requiring > -extensions .. specify certificate extension section (override value in > config file) > -reqexts .. specify request extension section (override value in > config file) > -utf8 input characters are UTF8 (default ASCII) > Using configuration from /usr/local/OpenCA/etc/openssl/openssl.cnf > Using configuration from /usr/local/OpenCA/etc/openssl/openssl.cnf > Using configuration from /usr/local/OpenCA/etc/openssl/openssl.cnf > Using configuration from /usr/local/OpenCA/etc/openssl/openssl.cnf > unknown option -pubkey > req [options] <infile >outfile > where options are > -inform arg input format - DER or PEM > -outform arg output format - DER or PEM > -in arg input file > -out arg output file > -text text form of request > -noout do not output REQ > -verify verify signature on REQ > -modulus RSA modulus > -nodes don't encrypt the output key > -engine e use engine e, possibly a hardware device > -subject output the request's subject > -passin private key password source > -key file use the private key contained in file > -keyform arg key file format > -keyout arg file to send the key to > -rand file:file:... > load the file (or the files in the directory) into > the random number generator > -newkey rsa:bits generate a new RSA key of 'bits' in size > -newkey dsa:file generate a new DSA key, parameters taken from CA in > 'file' > -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4) > -config file request template file. > -subj arg set or modify request subject > -new new request. > -batch do not ask anything during request generation > -x509 output a x509 structure instead of a cert. req. > -days number of days a certificate generated by -x509 is valid > for. > -set_serial serial number to use for a certificate generated by > -x509. > -newhdr output "NEW" in the header lines > -asn1-kludge Output the 'request' in a format that is wrong but some > CA's > have been reported as requiring > -extensions .. specify certificate extension section (override value in > config file) > -reqexts .. specify request extension section (override value in > config file) > -utf8 input characters are UTF8 (default ASCII) > Using configuration from /usr/local/OpenCA/etc/openssl/openssl.cnf > Using configuration from > /usr/local/OpenCA/etc/openssl/openssl/CA_Admin.conf > Check that the request matches the signature > Signature ok > The Subject's Distinguished Name is as follows > commonName :PRINTABLE:'Ziemowit Pierzycki' > organizationalUnitName:PRINTABLE:'Trustcenter' > organizationName :PRINTABLE:'Teleformix LLC' > countryName :PRINTABLE:'US' > serialNumber :PRINTABLE:'01' > Certificate is to be certified until Apr 19 21:08:36 2003 GMT (365 days) > > Write out database with 1 new entries > Data Base Updated > unable to write 'random state' > unable to write 'random state' > General Error Trapped 700: Cannot encrypt PIN-mail! Aborting! at > /usr/local/OpenCA/lib/functions/misc-utils.lib line 38. > Compilation failed in require at /home/httpd/cgi-bin/ca/ca line 193.
Try install some april openssl snap. It knows the -pubkey option and fixes "PIN-mail" problem. But there is a new email problem with x509 extensions. Michael says he try to fix it in some next openca snap. (see emails with the same subject from last week) Michael please, could you mail me with info about snaps you used, when you finish fixing it? thanks -- =================================== Josef "jose" Vesely mail: [EMAIL PROTECTED], ICQ: 27347332 Faculty of Informatics, Masaryk university Brno, Czech Republic =================================== _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
