Hi
answer at
http://www.openca.org/openca/docs/online/apas04.html#id2833291
Sebastien Poggi
| "[EMAIL PROTECTED]"
<[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 29/04/2004 14:58
|
|
Hello List. My first post...
Error:
-------
CA & RA on the same system, too short symmetric keylength error when entering RA (General Error 6251043)
OpenCA: General error trapped Aborting connection - you are using a too short symmetric keylength ().: 6251043 at /usr/local/share/perl/5.8.3/OpenCA/UI/HTML.pm line 175, <SOCK> line 84.
Compilation failed in require at ./openca_start line 62, <SOCK> line 84.
I have this error when I try to load https://mypkiserver.company.com/ra
My setup:
------------
Debian Sarge, kernel 2.4.25-1-386
OpenCa 0.9.2-RC4 (Apr27, 2004)
Downgrade of openssl to 0.9.7c (according to the mailing-list, 0.9.7d seems to be "broken" for OpenCa)
Module----------- Version
OpenSSL ------- 0.9.109
Tools-------------- 0.4.3
DB ---------------- 2.0.5
Configuration --- 1.5.3
TRIStateCGI ---- 1.5.5
REQ -------------- 0.9.55
X509 -------------- 0.9.53
CRL -------------- 0.9.22
PKCS7 ---------- 0.9.17
Modified OPENCADIR/etc/config.xml and configure_etc.sh ran fine.
I setup Initialization Phase I, II and III without problems. If I look at my IE6 SP1 Certificat store:
- my Company Root CA Cert is present : Key length RSA 4096 (Cert store is : "Trusted Root Certification Authorities")
- my CA Admin user is present: Key length RSA 1024 (Cert store is: "Personal")
- my Company Web Server as well, Key length RSA 1024 (Cert Store is "Other people")
All are signed by my Company Root CA Cert, which is a self-signed one.
So far, so good...
Any idea why I have this strange error ? Thanks a lot for you kind help.
Best regards,
Pascal
Addendum:
Apache-ssl conf is :
Standard one plus,
<VirtualHost _default_:*>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/openca/htdocs
ServerName mypkiserver.company.com
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
ErrorLog /var/log/apache-ssl/ssl-err.log
CustomLog /var/log/apache-ssl/ssl-access.log common
SSLEnable
***** below public key of the server *****
SSLCertificateFile /etc/apache-ssl/ssl.crt/server.pem
***** below private key of the server *****
SSLCertificateKeyFile /etc/apache-ssl/ssl.key/server.pem
<Directory "/var/www/openca/htdocs/ca">
Options Indexes FollowSymlinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/openca/htdocs/ra">
Options Indexes FollowSymlinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/openca/htdocs/pub">
Options Indexes FollowSymlinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/openca/htdocs/node">
Options Indexes FollowSymlinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/openca/htdocs/ca_node">
Options Indexes FollowSymlinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/openca/htdocs/ldap">
Options Indexes FollowSymlinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ "/var/www/openca/cgi-bin/"
<Directory "/var/www/openca/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
