Hi everybody,
I still have an error when writing the CA to LDAP. I've updated ldap-utils.lib and I included pkiCA.schema in my LDAP. I changed the rootdn in slapd.conf to the same value as my CA certificate, but for this part I'm really not sure: is that what I should do? (And for the suffix I don't know very well.)
When I try to import the configuration now I get:
Automatic LDAP-update is activated
Importing valid CA_CERTIFICATE ...
WARNING: Cannot update object but object is present in database
FILE: /srv/ra//OpenCA/var/tmp/tmp_9321/CA_CERTIFICATE/VALID/0e6caea2b695d280ef704c7fed0b0738.pem
Importing CA-Certificates into ldap ... ldap-utils.lib: LDAP_get_ca: try to determine the newest CA-cert
ldap-utils.lib: LDAP_get_ca: check NOTBEFORE 20030716134337
ldap-utils.lib: LDAP_get_ca: newer ca-cert found
ldap-utils.lib: LDAP_get_ca: notbefore: 20030716134337
ldap-utils.lib: LDAP_get_ca: ca: OpenCA::X509=HASH(0x8b51cf8)
ldap-utils.lib: LDAP_get_ca: return newest ca
Information of the Object:
dn [EMAIL PROTECTED],CN=ca,OU=objectweb,O=inria,C=FR
cn ca
serID 0
email [EMAIL PROTECTED]
ou ARRAY(0x8b6d7d4)
o inria
l
st
c FR
End of the information of the Object.
Cannot write CA-Certificate 0e6caea2b695d280ef704c7fed0b0738 to LDAP
Make CA-Certificate available on the server ...OK.
Re-Building CA Chain ... Ok.
Clean up ...Ok.
Should I remove the email address from the CA certificate?
alex
[EMAIL PROTECTED] wrote:
Hi Michael, Hi Alex, Hi list!
So, it looks like Alex and I have the same problem.
I posted a question last week and Nicholas told me that maybe the problem is caused because there is an e-mail address in the CA cert. I've not made changes for this.
So I followed Michael's recommendations. I've updated ldap-utils.lib with the attached file and I made a PKI-OpenCA.schema file from the corresponding part of the attachment and included this in slapd.conf.
So when I tried to start up my slapd an error happened, "Duplicate objectClass". I found that my core.schema includes objectClass definitions 2.5.6.21 and 2.5.6.22:
objectclass ( 2.5.6.21 NAME 'pkiUser'
DESC 'RFC2587: a PKI user'
SUP top AUXILIARY
MAY userCertificate )
objectclass ( 2.5.6.22 NAME 'pkiCA'
DESC 'RFC2587: PKI certificate authority'
SUP top AUXILIARY
MAY ( authorityRevocationList $ certificateRevocationList $
cACertificate $ crossCertificatePair ) )
So I left this without changes and just commented out the parallel lines in PKI-OpenCA.schema.
I've tried again and the result is the same:
Importing the RBAC-configuration ... Ok.
LDAP-support is activated
Automatic LDAP-update is activated
Importing valid CA_CERTIFICATE ...
WARNING: Cannot update object but object is present in database
FILE: /hdc1/ra/OpenCA/var/tmp/tmp_5427/CA_CERTIFICATE/VALID/ab4660f3f24b77867d856f11f5d7e159.pem
Importing CA-Certificates into ldap ... addLDAPattribute: DN= [EMAIL PROTECTED],cn=Autoridad Certificadora IMP,ou=Seguridad Informatica,o=IMP,c=MX
attr: cACertificate;binary
LDAP Searchfilter: (cACertificate;binary=*)
LDAP Search Mesg-Code 32
LDAP Search Mesg-Count 0
Search for the attribute failed.
Cannot write CA-Certificate ab4660f3f24b77867d856f11f5d7e159 to LDAP
Make CA-Certificate available on the server ...OK.
Re-Building CA Chain ... Ok.
Clean up ...Ok.
I don't know where the problem is.
Is it possible to add the certificates manually?
Alexandre, if you have solved this problem, please tell me what you did.
I'm still trying to overcome this little problem.
ZAINOS
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users