Hello List. My first post...

Error:
-------
CA & RA on the same system, too short symmetric keylength error when entering RA (General Error 6251043)

OpenCA: General error trapped
Aborting connection - you are using a too short symmetric keylength ().: 6251043 at /usr/local/share/perl/5.8.3/OpenCA/UI/HTML.pm line 175, <SOCK> line 84.
Compilation failed in require at ./openca_start line 62, <SOCK> line 84.

I have this error when I try to load https://mypkiserver.company.com/ra

My setup:
------------
Debian Sarge, kernel 2.4.25-1-386
OpenCA 0.9.2-RC4 (Apr 27, 2004)
Downgrade of openssl to 0.9.7c (according to the mailing list, 0.9.7d seems to be "broken" for OpenCA)

Module           Version
OpenSSL          0.9.109
Tools            0.4.3
DB               2.0.5
Configuration    1.5.3
TRIStateCGI      1.5.5
REQ              0.9.55
X509             0.9.53
CRL              0.9.22
PKCS7            0.9.17

Modified OPENCADIR/etc/config.xml and configure_etc.sh ran fine.
I set up Initialization Phase I, II and III without problems.

If I look at my IE6 SP1 Certificate store:
- my Company Root CA Cert is present: Key length RSA 4096 (Cert store is: "Trusted Root Certification Authorities")
- my CA Admin user is present: Key length RSA 1024 (Cert store is: "Personal")
- my Company Web Server as well: Key length RSA 1024 (Cert store is: "Other people")

All are signed by my Company Root CA Cert, which is a self-signed one.

So far, so good...

Any idea why I have this strange error?

Thanks a lot for your kind help.
Best regards,
Pascal

Addendum:

Apache-ssl conf is: Standard one plus,

    <VirtualHost _default_:*>
        ServerAdmin [EMAIL PROTECTED]
        DocumentRoot /var/www/openca/htdocs
        ServerName mypkiserver.company.com
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        ErrorLog /var/log/apache-ssl/ssl-err.log
        CustomLog /var/log/apache-ssl/ssl-access.log common
        SSLEnable
        # below public key of the server
        SSLCertificateFile /etc/apache-ssl/ssl.crt/server.pem
        # below private key of the server
        SSLCertificateKeyFile /etc/apache-ssl/ssl.key/server.pem

        <Directory "/var/www/openca/htdocs/ca">
            Options Indexes FollowSymlinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

        <Directory "/var/www/openca/htdocs/ra">
            Options Indexes FollowSymlinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

        <Directory "/var/www/openca/htdocs/pub">
            Options Indexes FollowSymlinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

        <Directory "/var/www/openca/htdocs/node">
            Options Indexes FollowSymlinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

        <Directory "/var/www/openca/htdocs/ca_node">
            Options Indexes FollowSymlinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

        <Directory "/var/www/openca/htdocs/ldap">
            Options Indexes FollowSymlinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

        ScriptAlias /cgi-bin/ "/var/www/openca/cgi-bin/"

        <Directory "/var/www/openca/cgi-bin">
            AllowOverride None
            Options None
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
