I made a mistake on configuring openCA: on the root-ca i removed in .../etc/openssl/openssl the unused role configurations - including Sub-CA.conf ;-) This results - like not importing a new role on ca as mentioned in an other mail - that issuing the correspondend certificate fails without notice.
Regards, Gottfried
--------------- Problem was:
This
I forgot to update the script importCACert. Please try the attached version.
and this
Usually this happen if the CA certificate is not a pure PEM certificate remove anything else from the certificate including OpenCA headers. There should only be the certificate:
-----BEGIN CERTIFICATE----- .... -----END CERTIFICATE-----
works - the certificate has been imported. But now I have the problem mentioned in my extended mail:
I used the role CA-Operator (am I stupid?) when approving the sub-ca-CSR on the root ca. Now I have tried the following:
- renew archived request - changing of role to Sub-CA - approving the CSR - upload
When issuning certificate I got after entering the passphrase only a white screen.
How can I reissue the certificate of the sub-ca with the correct role? The now imported certificate has the extention "ca: false"... Btw: should importCACert not check "ca: true"?
Regards, Gottfried
------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
