[Openca-Users] unable to issue certificates on the CA

Wed, 12 Nov 2003 03:06:38 -0800 

Hello all,

I have the following setup

Server1:  Pub and RA

Server2:  CA

where server2 is standalone, data transfer between the two happens using
an usb stick.  Both are running Debian/Stable
----------------------------------------------------------
Configuration Server1:
OpenCA
(RA Server Version 0.9.1)
Module  Version
OpenSSL         0.9.83.2.1
Tools   0.4.3
DB      2.0.5
Configuration   1.5.3
TRIStateCGI     1.5.5
REQ     0.9.47.2.2
X509    0.9.38.2.1
CRL     0.9.15
PKCS7   0.9.12

� 1998-2002 by Massimiliano Pala and the OpenCA Group.
RA Server - Version 0.9.1
-----------------------------------------------------------
Configuration Server2:
OpenCA

(CA Manager Version 0.9.1)
Module  Version
OpenSSL         0.9.83.2.1
Tools   0.4.3
DB      2.0.5
Configuration   1.5.3
TRIStateCGI     1.5.5
REQ     0.9.47.2.1
X509    0.9.38
CRL     0.9.15
PKCS7   0.9.12

� 1998-2002 by Massimiliano Pala and the OpenCA Group.
CA Manager - Version 0.9.1
----------------------------------------------------------------

When requesting and approving certificate using server2 and issueing the
certificate using server 1 I get the following error:

            Error 6751
                  General Error. Error while issuing Certificate to
nwtest2.huisartsenpost.net (filename:
/usr/local/OpenCA/OpenCA/var/tmp/68.req).

                  OpenCA::OpenSSL returns errocode 7731071
(OpenCA::OpenSSL->issueCert: OpenSSL fails (256).)..

� 1998-2002 by Massimiliano Pala and the OpenCA Group.
CA Manager - Version 0.9.1

---------------------------------------------------------------------

Looking at the apache error log:

Using configuration from
/usr/local/OpenCA/OpenCA/etc/openssl/openssl/Web_Server.conf
entry 38: invalid expiry date
unable to write 'random state'

--------------------------------------------------------------------

I found the following post from madwolf suggesting to rebuild the
index.txt and serial file:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg03475.html

However, this did not resolve the problem.

Checking the presence of cacert.pem:

lrwxrwxrwx    1 root     www-data       10 Nov 11 15:25 cacert.cer ->
cacert.der
lrwxrwxrwx    1 root     www-data       10 Nov 11 15:25 cacert.crt ->
cacert.pem
-rwxr-xr-x    1 root     www-data     1526 Nov 11 15:25 cacert.der
-rwxr-xr-x    1 root     www-data     2122 Nov 11 15:25 cacert.pem
-rwxr-xr-x    1 root     www-data     4088 Nov 11 15:25 cacert.txt
caroot:/usr/local/OpenCA/OpenCA/var/crypto/cacerts#

I have reinstalled both Server1 and Server2 multiple times.

Any suggestions?

Kind regards,

Harald Paterek



-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to