On Mon, Dec 22, 2003 at 12:46:02AM +0100, Michael Bell wrote:
> From: Michael Bell <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [Openca-Users] Phase II Create initial administrator
> Date: Mon, 22 Dec 2003 00:46:02 +0100
>
>
> > I did some debugging and it appears to be very same problem as Jonathan
> >Nicholson had in his message:
[snip]
>PKI Debugging: Error: 7755011
> >PKI Debugging: Message: OpenCA::OpenSSL->getNumericDate: No argument
> >specified.
> >PKI Debugging: debugging messages of OpenSSL token follow
>
> This indicates that the crash of issueCertificate is in function
> libIsLifetimeTooLong of crypto-utils.lib. The error is caused by the
> following line:
>
> my $expire_ca =
> $cryptoShell->getNumericDate($cacert->getParsed()->{NOTAFTER});
>
> The problem is that I don't understand why NOTAFTER is empty. Can you
> output NOTAFTER with a print command to verify the problem?
I've added these line to crypto-utils.lib around line #1322
my $notafter = $cacert->getParsed()->{NOTAFTER};
print STDERR "libIsLifetimeTooLong: notafter = $notafter\n";
Trying to issue certificate gives me:
cosstel:/etc/openca# writing RSA key
libIsLifetimeTooLong: notafter =
From database I can extract certificate request:
-----BEGIN CERTIFICATE REQUEST-----
MIIBSDCB8wIBADCBjTELMAkGA1UEBhMCTUQxFTATBgNVBAoTDFVuaWZsdXgtTGlu
ZTEUMBIGA1UECxMLVHJ1c3RjZW50ZXIxGTAXBgNVBAMTEGNlcnRpZmljYXRlLm5h
bWUxNjA0BgkqhkiG9w0BCQEWJ2NlcnRpZmljYXRlLmVtYWlsQGxleGEudW5pZmx1
eC1saW5lLm5ldDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCu3QshdXmVudYW3n6D
GBVEarBAFhoZY4/779/ezLtc2Qr7Igv+2rFxb5L0J7VOTo++x1sePtCM3zkF/pBD
yca7AgMBAAGgADANBgkqhkiG9w0BAQUFAANBAIV0ge/NYLZBh6WESloIGuLSD5wF
jvxY8qL42Scse2zl0GPWL2UJeKdzomz5VHZGTfFNQw8WNNOkntecesv9qnI=
-----END CERTIFICATE REQUEST-----
BTW, when request for RA admin was created, only these fields were
printed:
ADDITIONAL_ATTRIBUTE_DEPARTMENT Department
ADDITIONAL_ATTRIBUTE_EMAIL [EMAIL PROTECTED]
ADDITIONAL_ATTRIBUTE_REQUESTERCN First Last Name
ADDITIONAL_ATTRIBUTE_TELEPHONE Telephone
LOA 30
NOTBEFORE Mon Dec 22 09:24:29 2003 GMT
PIN 01b307acba4f54f55aafc33bb06bbbf6ca803e9a
RA Trustcenter itself
ROLE RA Operator
SERIAL 256
TYPE PKCS#10
Is "NOTAFTER" missing from the very beginning in request?
>
> >>>openca-snapshot from 19 Dec 2003
> >>>Postgres 7.3.4 as Database backend
--
Alexei Chetroi
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
