Ok, i followed the instructions. i have generated my ca certificate with
the dn-style.
then i try to issue the certificate for the RA Operator
Request Version: 0 (0x0)
Serial Number: 256
Request Type: PKCS#10
Common Name: ra admin 1
E-Mail: [EMAIL PROTECTED]
Subject Alternative Name:
email:[EMAIL PROTECTED]
Role: RA Operator
Distinguished Name: serialNumber=cert's serial, CN=ra admin 1,
OU=certification authority, DC=unitn, DC=IT
Approved on: n/a
Used Identification PIN: 01b307acba4f54f55aafc33bb06bbbf6ca803e9a
Modulus (key size): 1024
Public Key Algorithm: rsaEncryption
Public Key:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxvyvsyDdptKh/yzmNLkIYeg8r
uKGIMM6JU4aSFCH4MOcqsKuBRDu0Alg5dJ2pzia8T0LLkp0JqusG/maKLAdNNCpl
bmLr9cWwdyBgAhPnusdeGZ74ENV9nyj+HbrROjJ1bv8EerOg84YGBywy1Lzfpfcz
O9bBl9jxfORaxazxHwIDAQAB
-----END PUBLIC KEY-----
Signature Algorithm: sha1WithRSAEncryption
on issuing the certificate i obtain the error
Error 6751
General Error. Error while issuing Certificate to ra admin 1 (filename:
/srv/ca/OpenCA/var/tmp/01.req).
OpenCA::OpenSSL returns errocode 7731071 (OpenCA::OpenSSL->issueCert:
OpenSSL fails (256).)..
what is wrong?
Matteo
On Thu, 2003-06-05 at 09:32, Pierre Scholtes wrote:
>
>
>
> matteo degasperi
> <[EMAIL PROTECTED]>
> Envoy� par :
> [EMAIL PROTECTED]
>
> 04.06.2003 16:24
>
> Pour :
> [EMAIL PROTECTED]
> cc :
> Objet :
> [Openca-Users] Ldap dc
> style
>
>
> >hi,
> >I'm new to openCA. I use the version 0.9.1-1
> >
> >
> >i want to integrate the certification authority with an existing ldap
> >server of users.
> >My ldap uses the dc style for the record and openca uses the style
> ou=
> >u= c=
> >
> > which configuration files must i change?
>
> The files you have to change to use dc-style are listed in section
> 2.2.3.1 in the OpenCA Guide.
>
> They are:
>
> 1) .conf files in <INSTALL_DIR>/ca/OpenCA/etc/servers and
> <INSTALL_DIR>/ra/OpenCA/etc/servers you have to change the lines
> basedn and ldaproot to something like:
> basedn "dc=your_company, dc=your_country"
> ldaproot "cn=admin,dc=your_company,dc=your_country"
> the correspondances between the entries in the openca conf files and
> the slapd.conf of your ldap server are the following: basedn=suffix,
> ldaproot=rootdn, ldappwd=rootpwd
>
> In these files you have also to change the configuration of the
> requests because they are prepared for the old style. Basically change
> the lines DN_TYPE_IE_BASE "O" "C" to DN_TYPE_IE_BASE "DC" "DC".
>
> 2) Check the .html files because several of them display the suffix of
> the DNs
> 3) Edit the certsMail.txt file in
> <Installation_Path>/ra/OpenCA/lib/servers/ra/mails/
> 4) In the files in <Installation_PATH>/ca/OpenCA/etc/openssl/openssl
> and <Installation_PATH>/ca/OpenCA/etc/openssl/openssl you have to
> adapt the policy section to the new situation. (as you do no longer
> provide a country (c) field you can not have set country to supplied
> in the pilicy section; change it to optional ... etc)
>
> >
> >thanks at all.
> >
> >Matteo
> >
> >
> >
> >-------------------------------------------------------
> >This SF.net email is sponsored by: Etnus, makers of TotalView, The
> best
> >thread debugger on the planet. Designed with thread debugging
> features
> >you've never dreamed of, try TotalView 6 free at www.etnus.com.
> >_______________________________________________
> >Openca-Users mailing list
> >[EMAIL PROTECTED]
> >https://lists.sourceforge.net/lists/listinfo/openca-users
>
>
> Pierre
>
> _________________________
> Pierre Scholtes
> Unicible
>
> tel: +41 (0)21 644 6111
> fax: +41 (0)21 644 6300
> mailto:[EMAIL PROTECTED]
> http://www.unicible.ch
-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
