[Openca-Users] Adding certs to LDAP - IE certs failing - dn conflicts with base dn

Wed, 22 May 2002 02:57:37 -0700 


Hello,

I have installed openca(openca-0.9-SNAP-20020517) and openssl (openssl-SNAP-20020507) 
and openLDAP 2.0.23
(Note : I have not yet installed openssl-SNAP-20020221 as per R.Joop's advise)

My netscape user certificates are being uploaded to LDAP OK, and the CRL too is added 
to LDAP.

The CA Certificate, and IE user certificates are failing. Below is the debug output 
while inserting the certs of cacert and ie user cert.

1. Problems with adding certs :
>> IE User Cert ia failing because DN of certificate is in reverse order. Does this 
>mean, generation of IE certs need to be changed?
>> CA Cert is giving an unknown error 65. How can I upload the CACertificate?

Can anyone tell me what can be done?

2. For each Netscape user cert, there are 2 entries added - one with cert and one 
without cert. I found somebody else having the same problem, but not sure how this was 
resolved? 

3. Random State : I saw some mails exchanged regarding 'unable to write random state' 
. I am having this problem still. Should we manually create a .rand file anywhere? 


Thanks & Regards
Pramila
-------------------------------------------------
CA Certificate Adding Debug Info (last few lines)
-------------------------------------------------
node exists
Try to add 
[EMAIL PROTECTED],CN=openca.comtrust.co.ae,OU=OCA,o=ComtrustOCA,
 c=AE ...
LDAP Schema DN: 
[EMAIL PROTECTED],CN=openca.comtrust.co.ae,OU=OCA,o=ComtrustOCA,
c=AE
LDAP Schema -Code 
node exists
addLDAPattribute: DN=
[EMAIL PROTECTED],cn=openca.comtrust.co.ae,ou=OCA,o=ComtrustOCA,c=AE
attr: cACertificate;binary
LDAP Searchfilter: (cACertificate;binary=*)
LDAP Search Mesg-Code 0
LDAP Search Mesg-Count 1
Starting LDAP-modify: dn is
[EMAIL PROTECTED],cn=openca.comtrust.co.ae,ou=OCA,o=ComtrustOCA,c=AE
Unknown Error ( 65 ) 

     Certificate 0 FAILED

-------------------------------------------------
IE User Certificate Adding Debug Info (last few lines)
-------------------------------------------------
End of the information of the Object.
element of baseDN: o=ComtrustOCA
element of baseDN: c=AE
element of the inserted DN: serialNumber=04
element of the inserted DN: C=AE
element of the inserted DN: O=ComtrustOCA
element of the inserted DN: OU=Internet
element of the inserted DN: CN=PRIE User
Checking RootDN of Certificate ...
Inserted DN BaseDN
h_basedn: AE
h_dn: PRIE User
h_basedn_attribute: c
h_dn_attribute: CN
dn conflicts with basedn

     Certificate 4 FAILED

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to