got the same thing on my end, just crafting an email about it which I'll just copy here:
I am seeing a similiar error when trying to issue certficates. I've got the error each time I try to issue and I think it's related to the .conf files (both user & webserver) possibly conflicting with ca.conf [CA_default] variable serial=$dir/serial. Here is the complete error as displayed in the browser: Error 6757 General Error. Error while storing the request's serial in cert-object This is consistant whether it's for an user or web server, etc. I've listed that apache logs below. What leads me to believe that it's a variable conflict is that for each of the certificates I've tried to issue, the application seems to think that the serial number is '01', which is the serial number of the CA certificate. The serial number for the user cert was '544', and the web cert was '800'; yet as indicated in the apache logs below, each time it listed the serial number as '01'. (thus it cannot store in cert-object [?] ) It appears to me that somewhere in the code (just beginning to look) $serial is being called which conflicts with the actual serial number listed in $OPENCADIR/var/crypto/serial. (<- serial as defined in .conf files) It noted that the serial file was updated (same value, diff timestamp) when I did my last import. Here's the apache log for a user cert: Using configuration from /usr/local/OpenCA/etc/openssl/openssl/User.conf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'US' organizationName :PRINTABLE:'Teleformix LLC' organizationalUnitName:PRINTABLE:'Internet' commonName :PRINTABLE:'Ron Gedye' serialNumber :PRINTABLE:'01' ERROR: adding extensions in section default 5004:error:2206D06C:X509 V3 routines:X509V3_parse_list:invalid null name:v3_utl. c:319: 5004:error:2206B069:X509 V3 routines:X509V3_EXT_conf:invalid extension string:v3 _conf.c:138:name=subjectAltName,section= 5004:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf. c:92:name=subjectAltName, value= unable to write 'random state' General Error Trapped 6757: Error while storing the request's serial in cert-obj ect at /usr/local/OpenCA/lib/functions/misc-utils.lib line 38. Compilation failed in require at /home/httpd/cgi-ca/ca/ca line 193. Here's the apache log for a web server cert: Using configuration from /usr/local/OpenCA/etc/openssl/openssl/Web_Server.conf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'Illinios' localityName :PRINTABLE:'Schaumburg' organizationName :PRINTABLE:'Teleformix LLC' organizationalUnitName:PRINTABLE:'Security Management' commonName :PRINTABLE:'security.teleformix.com' serialNumber :PRINTABLE:'01' ERROR: adding extensions in section default 13552:error:2206D06C:X509 V3 routines:X509V3_parse_list:invalid null name:v3_utl .c:319: 13552:error:2206B069:X509 V3 routines:X509V3_EXT_conf:invalid extension string:v 3_conf.c:138:name=subjectAltName,section= 13552:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf .c:92:name=subjectAltName, value= unable to write 'random state' General Error Trapped 6757: Error while storing the request's serial in cert-obj ect at /usr/local/OpenCA/lib/functions/misc-utils.lib line 38. Compilation failed in require at /home/httpd/cgi-ca/ca/ca line 193. ----- Original Message ----- From: "APM" <[EMAIL PROTECTED]> To: "Michael Bell" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, July 29, 2002 2:30 PM Subject: Re: [Openca-Users] inital operator certificate problem > Just a note. I noticed that from the log below it > shows serialNumber is 01 (serialNumber :PRINTABLE:'01'), > however when I created the first initial administrator certificate and > view it, Serial Number has a value of 256. > Goodness, it's now making me dizzy. :-) > > > > > ----- Original Message ----- > From: "APM" <[EMAIL PROTECTED]> > To: "Michael Bell" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Monday, July 29, 2002 12:51 PM > Subject: Re: [Openca-Users] inital operator certificate problem > > > > Im using openssl-0.9.8-1.i386.rpm and openssl-devel-0.9.8-1.i386.rpm > > because if i configure openca-0.9-RC1.tar.gz on redhat 7.3 with > > with version lower than 0.9.8-1 openca complains and says > > that i have to use newer version. > > > > > > Following is what my apache error log is showing. > > > > Using configuration from > /usr/local/OpenCA/etc/openssl/openssl/CA_Operator.conf > > Check that the request matches the signature > > Signature ok > > The Subject's Distinguished Name is as follows > > countryName :PRINTABLE:'CA' > > organizationName :PRINTABLE:'NRNS Inc.' > > organizationalUnitName:PRINTABLE:'Internet' > > commonName :PRINTABLE:'Network Coordinator' > > serialNumber :PRINTABLE:'01' > > ERROR: adding extensions in section default > > 31839:error:2206D06C:X509 V3 routines:X509V3_parse_list:invalid null > name:v3_utl > > .c:319: > > 31839:error:2206B069:X509 V3 routines:X509V3_EXT_conf:invalid extension > string:v > > 3_conf.c:138:name=subjectAltName,section= > > 31839:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in > extension:v3_conf > > .c:92:name=subjectAltName, value= > > General Error Trapped 6755: Error while opening > > /usr/local/OpenCA/var/crypto/certs/01.pem. > > OpenCA::X509 returns errorcode 7411021 (OpenCA::X509->new: Cannot initialize > cer > > tificate (7412011) > > OpenCA::X509->initCert: No certificate present.). at > /usr/local/OpenCA/lib/funct > > ions/misc-utils.lib line 38. > > Compilation failed in require at /usr/local/apache/cgi-bin/ca/ca line 193. > > > > > > ----- Original Message ----- > > From: "Michael Bell" <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Saturday, July 27, 2002 12:15 PM > > Subject: Re: [Openca-Users] inital operator certificate problem > > > > > > > APM schrieb: > > > > > > > > I installed both openssl-0.9.8-1.i386.rpm. > > > > and openssl-devel-0.9.8-1.i386.rpm. > > > > > > 1. You need only an actual 0.9.7. These versions are much mor stable > > > than 0.9.8-snaps. > > > 2. What is the value of the option openssl in > > > OPENCADIR/etc/servers/ca.conf? This must be the correct openssl. You can > > > test it via openssl version. > > > 3. Check the content of > > > OPENCADIR/etc/openssl/(openssl|extfile)/CA_Operator.(conf|ext). > > > > > > Michael > > > > > > P.S. does OpenSSL don't report what is the problem with the extensions > > > (in Apache's error.log)? Normally there is a longer errormessage from > > > OpenSSL. > > > -- > > > ------------------------------------------------------------------- > > > Michael Bell Email (private): [EMAIL PROTECTED] > > > Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] > > > Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 > > > Unter den Linden 6 Fax: +49 (0)30-2093 2959 > > > 10099 Berlin > > > Germany http://www.openca.org > > > > > > > > > ------------------------------------------------------- > > > This sf.net email is sponsored by:ThinkGeek > > > Welcome to geek heaven. > > > http://thinkgeek.com/sf > > > _______________________________________________ > > > Openca-Users mailing list > > > [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/openca-users > > > > > > > > > ------------------------------------------------------- > This sf.net email is sponsored by: Dice - The leading online job board > for high-tech professionals. Search and apply for tech jobs today! > http://seeker.dice.com/seeker.epl?rel_code=31 > _______________________________________________ > Openca-Users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
