I am very frustrated now. On Monday 17 November 2003 18:00, Gottfried Scheckenbach wrote: > > 5. Import the CSR into the Root RA and get the Root CA to sign. > > Don't forget to change (on root-ra) the Role in CSR to Sub-CA! > > > 7.5 Run make in the chain directory. > > > > 8. Rebuild the Sub CA chain. > > Step 7.5 is done by step 8 (I think - I didn't run make). I have also > placed the root-ca cert into chain directory on ra... I don't know if > it's really nessecary but it makes no problems ;-)
OK, I have done all of this, but when I test a client certificate using the "Test Certificate" link in the Public server I get the same old error: "The signature is not valid. PKCS#7-Error 7932021: OpenCA::PKCS7->parseDepth: The chain is not complete. (6102). On the screen the issuers DN is that of the sub CA cert. If I run the command "openssl pkcs7 -in sig -print_certs -noout" I get the subject as the cert that was used to sign and the issuer as the sub CA cert. There is no root CA cert. If I install the sub and root CA certs into IE and then run the test again, I get the same error, but this time the issuers DN is that of the root CA cert. the command "openssl pkcs7 -in sig -print_certs -noout" this time shows tow issuers and two subjects, i.e. the chain of cert->sub CA->Root CA. This is driving me round the bend, as until I can get these signatures sorted out I can not use the batch processes on the CA to automate the CA procedures. Please please can anyone help me. Chris... ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
