Hi Michael,
thanks for your suggestions,
I've resolved the signature problem, by enroll the RA Operator certificate before approving and signing the user certificate request. It's all right!
Now I'm facing a new problem in the exportation of approved and signed certificate requests:
when I try to "Upload data to a higher level of the hierarchy" (in the ra_node), I receive the following message:
----------------------------------------------- Exporting Approved REQUEST... Exporting Archive... -----------------------------------------------
So, when I try to "Receive data from a lower level of the hierarchy" (in the ca_node), I get the following message:
----------------------------------------------- Importing Approved REQUEST... No objects are present. -----------------------------------------------
NOTE: I'm still using the OpenSSL 0.9.7d version. I can't check the config.xml file because I think that my openca version doesn't provide it.
Can anyone help me, please?
Thanks in advance Valeria
Michael Bell wrote:
open_group wrote:
Hi everybody,
I'm new of openCA and I'm have followed the istructions in the OpenCA guide (by M.Bell) and I succeeded in installing the CA, RA and PUB interfaces, but now I'm having some problems in approving and signing the user certificate request. In particular, when the RA authority try approving and signing a certificate request I got the following error message:
-----------------------------------------------------------------------------------------------
Certificate Request Successfully approved.
Signature: Cannot find the certificate with the matching serial in the database!
-----------------------------------------------------------------------------------------------
This can be caused by two things - the certificate is not in the database because the CA doesn't enroll it or the usual OpenSSL 0.9.7d bug is in action (then the complete signature stuff does not work).
Moreover, I can't export the request even if it is approved and not signed.
Any suggestion?
Check config.xml. Did you activate the correct preconfiguration template for the dataexchange?
NOTE: I'm using the following software:
OpenCA 0.9.1.8 OpenSSL 0.9.7d
Please downgrade to OpenSSL 0.9.7c before continuing. OpenCA does not work with OpenSSL 0.9.7d because of a PKCS#7 bug in OpenSSL.
Best regards
Michael
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
