Hi Oleg, I got my CA working, but only by reinstalling it. I don�t know what exactly the problem was but here is what I know:
I added several log entries to the crypto-utils.lib to trace the issuing process. What I found was that when the CA tried to compare the enddate of the certificate to be issues with the CA's root cert it got stuck. That was cause by the cryptoshell which returned nothing when asked for the enddate of the root cert. The perl interpreter got stuck when trying to reformat the given enddate. It didn't cause any error and nothing was logged anywhere (including the apache error logs), perl just got stuck. When I looked for the openssl perl lib I found 2 of them. I don�t know exactly where the other perl lib came from. Maybe a leftover from the snapshot isntallation I had before or, more likely, it was the lib from the openCA-perl packages which are part of suse 8.2. don�t know why my ca always used the wrong one. Anyway, I removed the suse packages and also removed all openCA files and reinstalled it (since I didn�t clean after installing I just had to do make install-ca again) and now it works fine. I hope this helps. Best regards, Robert -----Urspr�ngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Oleg Kostine Gesendet: Mittwoch, 19. November 2003 14:59 An: [EMAIL PROTECTED] Betreff: [Openca-Users] Re: Can't sign certificates -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Robert, did you get a reply from anyone? I'm having the exact problem. You help would be appretiated! Thanks Oleg Hello, I've installed openCA 0.9.1-3 on suse 8.2 with apache 1.3 and following module versions: Module Version OpenSSL 0.9.91 Tools 0.4.3 DB 0.9.82.2.2 Configuration 1.5.3 TRIStateCGI 1.5.5 REQ 0.9.47.2.2 X509 0.9.38.2.1 CRL 0.9.15 PKCS7 0.9.12 Both , ra and ca, are on the same pc, just in different directories. I got though phase 1 just fine, without any error but I can't sign any csr! I tried initialization phase 2 and I'm able to create a new request and view/edit it, but when I click on Issue Certificate nothing happens after I entered the CA password. I just get a blank frame without any content (I looked at the html source). There aren't any errors generated, only the usual documentation from apache: 192.168.123.189 - - [13/Nov/2003:17:37:13 +0100] "GET /cgi-bin/ca/ca HTTP/1.1" 200 1929 192.168.123.189 - - [13/Nov/2003:17:37:17 +0100] "GET /cgi-bin/ca/ca?cmd=setupInitialCert&dest=viewCSR HTTP/1.1" 200 5657 192.168.123.189 - - [13/Nov/2003:17:37:20 +0100] "GET /ca/pwd.html HTTP/1.1" 304 - 192.168.123.189 - - [13/Nov/2003:17:37:20 +0100] "GET /ca/scripts/pwd.js HTTP/1.1" 304 - 192.168.123.189 - - [13/Nov/2003:17:37:20 +0100] "GET /ca/scripts/focus.js HTTP/1.1" 304 - 192.168.123.189 - - [13/Nov/2003:17:37:23 +0100] "POST /ca/pwd.html HTTP/1.1" 405296 192.168.123.189 - - [13/Nov/2003:17:37:24 +0100] "POST /cgi-bin/ca/ca?cmd=setupInitialCert&dest=viewCSR HTTP/1.1" 200 0 I also did a cert request on the ra, approved it, exported it to floppy and importet it into the ca. It's listed in Approved Certificate Requests but when I try to issue it the same thing happens again. I already tried openssl 0.9.7c and 0.9.8-1, both generate the CA keypare and sign it without any trouble. I'm also able to sign the CRL. I don't think it's cause by access rights, but I got so desperate that I set the whole ca directory to 777. Any help would be appreciated. Best regards, Robert -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/u3cv/hdP1i0svlARAmBqAKCGxujwpbGJdUHn83T1cpVYmVjfcQCgohH+ 5poa2EQWJ4zz/fI2f3TlTyQ= =Isfj -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
