Re: [Openca-Users] Error 7211021. There is a solution?

Tue, 26 Nov 2002 04:49:28 -0800 

CALinux wrote:

Hi everyone.
We always have the problem with error
Error 7211021 General Error. Cannot create request!
(OpenCA::REQ->new: Cannot create new request. Backend fails with errorcode 7712013 OpenCA::OpenSSL->genReq: Cannot >build X500::DN-object 


There is some solution? We must finish our project 10 december 2002.

If it's impossible to solve this bug we must choose another solution :-( 


What do you think about this certificate ;)



Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 238 (0xee)

        Signature Algorithm: sha1WithRSAEncryption

        Issuer: OU=DBI Test CA 2,O=Humboldt-Universitaet zu Berlin,C=DE

        Validity

            Not Before: Nov 26 12:40:03 2002 GMT

            Not After : Nov 26 12:40:03 2003 GMT

        Subject: 
[EMAIL PROTECTED],CN=Bell/Michael/MBELL10023456,description=C=Bell/N=Michael/D=07-11-2002,OU=Employees,O=Humboldt-Universitaet 
zu Berlin,C=DE

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

            RSA Public Key: (1024 bit)

                Modulus (1024 bit):

                    00:bd:f1:ea:3c:fb:5e:89:1f:d8:e3:c8:e4:2a:3e:

                    f1:63:2d:83:46:fd:ff:86:5c:2c:98:e6:d2:1e:96:

                    b3:34:dc:06:29:24:0d:5c:f3:b5:bc:91:2b:61:1b:

                    03:48:04:03:cd:71:0c:9a:b7:c0:4b:7d:91:8f:24:

                    20:18:e7:d3:94:7d:9f:31:3f:42:6f:22:84:5c:ab:

                    87:c4:c4:19:1e:89:b5:c6:71:28:90:5e:87:36:68:

                    9d:ed:7a:30:83:1e:3d:66:37:2d:f8:7a:56:1b:84:

                    5c:37:cb:6b:48:11:74:6a:bf:9e:94:4a:ac:05:b9:

                    95:8b:bd:8e:ab:e7:40:6a:c3

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Basic Constraints:

            CA:FALSE

            Netscape Cert Type:

            SSL Client, S/MIME

            X509v3 Key Usage:

            Digital Signature, Non Repudiation, Key Encipherment

            X509v3 Extended Key Usage:

            TLS Web Client Authentication, E-mail Protection, Microsoft 
Smartcardlogin

            Netscape Comment:

            User Certificate of Humboldt-Universitaet zu Berlin

            X509v3 Subject Key Identifier:

            2F:E5:DA:B9:CD:EE:B2:07:6C:35:5C:2B:E0:67:A1:01:B5:8E:C2:5E

            X509v3 Authority Key Identifier:



keyid:65:F9:96:86:9D:BB:4D:7F:60:E5:93:2F:1F:26:71:50:EF:69:E2:60

            DirName:/C=DE/O=Humboldt-Universitaet zu Berlin/OU=DBI Test 
CA 2

            serial:00



            X509v3 Subject Alternative Name:

            email:[EMAIL PROTECTED]

            X509v3 Issuer Alternative Name:





            Netscape CA Revocation Url:

            https://bellus.rz.hu-berlin.de/pub/crl/cacrl.crl

            Netscape Revocation Url:

            https://bellus.rz.hu-berlin.de/pub/crl/cacrl.crl

            X509v3 CRL Distribution Points:

            URI:https://bellus.rz.hu-berlin.de/pub/crl/cacrl.crl



    Signature Algorithm: sha1WithRSAEncryption

        c9:62:46:81:29:33:e2:f5:d6:b3:08:8d:fb:05:cb:c6:6e:2f:

        89:c6:32:81:1b:8e:00:05:e0:87:c5:0c:be:c3:fa:2d:a1:3e:

        79:de:86:49:c9:ca:35:21:2e:4e:f0:ad:35:e6:9a:40:51:f7:

        44:5c:ce:61:87:5e:af:80:d5:89:6e:83:b8:22:a9:3f:14:52:

        50:6e:dc:fb:94:9e:69:19:d0:35:1b:02:a7:d0:df:2e:ee:36:

        53:cf:60:d7:7a:59:14:90:5c:e7:41:54:d4:65:40:29:b0:e7:

        65:95:ae:80:08:d2:32:c5:3b:33:c7:0d:e0:99:59:bc:22:81:

        8c:9c:1b:72:89:ad:bc:f5:b1:fd:59:a2:56:a2:55:3e:3e:4f:

        9c:e0:ec:be:54:b6:a3:6f:e5:12:c0:f2:5f:44:01:a1:f7:be:

        55:91:5b:29:27:10:dd:43:72:e9:23:53:37:24:71:33:ae:8c:

        f9:40:7c:3f:7f:77:fa:aa:95:53:57:f7:71:21:14:86:20:46:

        80:45:c6:38:73:4e:bf:2b:a1:56:f9:ee:55:33:82:b0:0c:9f:

        d6:9e:e4:0d:f8:f0:b5:e2:58:a9:df:ad:69:9a:74:dd:24:8c:

        d0:96:b9:ad:e8:5e:94:cc:a8:cc:39:60:74:1e:23:ab:e1:31:

        e8:e2:44:a6



I will update pre-0.9.1-RC7 in some minutes. The problem is that like 
you can see OpenSSL has a wrong implementation of RFC 2253. The problem 
is that the text of RFC 2253 differs from the grammar (so it is an 
unclear RFC).



X500:DN from Robert is correct. I fixed OpenCA::OpenSSL, OpenCA::REQ and 
OpenCA::X509 to tolerate OpenSSL's bug.



Best Regards



Michael



P.S. the time of your computer is one day ahead.

--

-------------------------------------------------------------------

Michael Bell                   Email (private): [EMAIL PROTECTED]

Rechenzentrum - Datacenter     Email:  [EMAIL PROTECTED]

Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482

Unter den Linden 6             Fax:  +49 (0)30-2093 2959

10099 Berlin

Germany                                       http://www.openca.org







-------------------------------------------------------

This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en

_______________________________________________

Openca-Users mailing list

[EMAIL PROTECTED]

https://lists.sourceforge.net/lists/listinfo/openca-users






















					Reply via email to