Hi,

With OpenCA 0.9.1.5 I am unable to issue a certificate to a sub-CA...
Error 6751
General Error. Error while issuing Certificate to CA Services Achatpublic.com (filename: /usr/local/openca-0.9.1-5_ca_racine/OpenCA/var/tmp/04.req).

OpenCA::OpenSSL returns errocode 7731071 (OpenCA::OpenSSL->issueCert: OpenSSL fails (256).)..

The subject DN in the request is:
C=FR, O=Achatpublic.com, OU=Chiffrement, CN=CA Chiffrement Achatpublic.com

Since there is no e-mail, I commented out subjectAltName=${ENV::subjectAltName}
and issuerAltName=issuer:copy in
${root CA install dir}/OpenCA/etc/openssl/extfiles/Sub-CA.ext

In Apache's log I have:

[Mon Dec 29 18:32:59 2003] [error] [client 192.168.1.38] Using configuration from /usr/local/openca-0.9.1-5_ca_racine/OpenCA/etc/openssl/openssl/Sub-CA.conf, referer: http://openca-ca-racine.cvs_data01.apc/cgi-bin/ca/ca?cmd=viewCSR;dataType=APPROVED_REQUEST;key=1312
[Mon Dec 29 18:32:59 2003] [error] [client 192.168.1.38] unable to load CA private key, referer: http://openca-ca-racine.cvs_data01.apc/cgi-bin/ca/ca?cmd=viewCSR;dataType=APPROVED_REQUEST;key=1312
[Mon Dec 29 18:32:59 2003] [error] [client 192.168.1.38] 18685:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:438:, referer: http://openca-ca-racine.cvs_data01.apc/cgi-bin/ca/ca?cmd=viewCSR;dataType=APPROVED_REQUEST;key=1312
[Mon Dec 29 18:32:59 2003] [error] [client 192.168.1.38] 18685:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:421:, referer: http://openca-ca-racine.cvs_data01.apc/cgi-bin/ca/ca?cmd=viewCSR;dataType=APPROVED_REQUEST;key=1312

When prompted, I enter the passphrase of the root CA private key, but the error
above says it could not load the key.
Using openssl rsa -text -in c:\temp\cakey.pem (key is copied from
/OpenCA/var/crypto/cacerts/cakey.pem) I am sure the passphrase I enter is
right. Moreover, it doesn't contain exotic letters.

Thanks for helping, I'm fed up with multiple reinstallations... since the
import/export mechanism doesn't include import/export of the
/OpenCA/etc/servers/* files I have modified, nor of /OpenCA/etc/openssl/*,
which I also modified. I guess this can be added to import/export, for such an
action to be really complete.

Barbara Post, who is silly to be working at this time of the year, since everyone
here is on vacation, and who is close to living on her nerves.


