I set up OpenCA on two differente machines, one is the CA, the other is the RA, LDAP and PUB.
When I first imported the CA certificate on the RA machine, I got the error:
------------------------
Importing CA-Certificates into ldap ... Cannot write CA-Certificate 70e4e4752fd85f5bd580f5d34f639943 to LDAP
------------------------
I made some search on google and I tried to issue CA certificate without email (do not fill email part) and turn schemachecking off (use "schemacheck off" in slapd.conf).
Which version of OpenCA do you use?
This made the trick, even though I got some warning for LDAP:
------------------------ Importing valid CA_CERTIFICATE ... WARNING: Cannot update object but object is present in database FILE: /srv/ra/openca/var/tmp/tmp_ 9113/CA_CERTIFICATE/VALID/0ad9d316f45093cb5fb771858897e269.pem
Importing CA-Certificates into ldap ... CA-Certificate 0ad9d316f45093cb5fb771858897e269 is available via LDAP ------------------------
Why this ?
It is not allowed to simply overwrite an already existing certificate. This is necessary to be safe if a revocation was started. This is only a warning not an error. It means the import is not necessary because the cert is already present.
Michael
Then, I requested a user certificate on the PUB, then approved on the RA,
exported the Approved CSR to the CA, issued the cert, exported the cert to
the RA/PUB/LDAP machine.
When importing, I always get the error:
--------------------------
Importing Certificates into ldap ... Cannot write CERTIFICATE 7 to LDAP
--------------------------
In the LDAP directory, there are entries for the CN of the valid issued certs, but there are no certificates for them available in the LDAP directory. Only the CA cert is present.
Again which version of OpenCA do you use? Did you try to import the cert via the LDAP interface. Sometimes there are better errormessages.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
