Re: [Openca-Users] Urgent! Sign is needed to proceed and the others.

Fri, 07 Jun 2002 16:59:23 -0700 

Han Giang Le Ha wrote:
> 
> Hi all,

Hi,

> I know that it's an old problem, but I still don't know the way to solve
> it perfectly. Can you help me? /*I'm just a student researching about it
> for my project*/.

You'll solve the problem when:

        1. Use Netscape 4.x
        2. Have a valid certificate installed (the verify gives
           returns successfully).
 
> And the others,
> 1. I found an error occurs in error.log file like that:
> error:0B081076:x509 certificate routines:NETSCAPE_SPKI_b64_decode:base64 decode 
>error:x509spki.c:90:
> Error loading SPKAC
> 
> Why is it that?

The SPKAC stands for "Signed Public Key and Challenge" and it is the format
for the Netscape's request. It is not the most "standard" format but it has
some advantages over the PKCS#10, first of all it is very easy to deal with
it.
 
> 2. I import the RA Certificate to Netscape Communicator but when verifying
> it I found this error message:
> 
> Verification of the selected certificate failed for the following reasons:
> DiCERT's RA Operators Not certified for e-mail.
> 
> and when I approve a request, I found...sign is needed to proceed! as I told you.

The reason you get this error is probably tied to the verification problems
you have: try editing the profile used for issuing the certificate and check
especially for the KeyUsage extensions. You should have a config like this:

        nsCertType = client, email

        # This is typical also
        keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment,
                                                        dataEncipherment, keyAgreement

        extendedKeyUsage= clientAuth, emailProtection

-- 

C'you,

        Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]               madwolf at cpan.org
                                                       madwolf at openca.org
http://www.openca.org                             madwolf at hackmasters.net
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to