>[EMAIL PROTECTED] wrote:
>> Hello List. My first post...
>>
>> Error:
>> -------
>>
>> CA & RA on the same system, too short symmetric keylength error when entering RA
>> (General Error 6251043)
>>
>> OpenCA: General error trapped Aborting connection - you are using a too short
>> symmetric keylength ().: 6251043 at
>> /usr/local/share/perl/5.8.3/OpenCA/UI/HTML.pm line 175, <SOCK> line 84.
>> Compilation failed in require at ./openca_start line 62, <SOCK> line 84.
>
>This means that you are using a symmetric key which is shorter than
>specified in etc/access_control/ra.xml. Usually the symmetric cipher
>must have a length greater or equal 128. If you are using a mozilla then
>you can klick on the small lock to get informations about the used
>session cipher. The empty () at the end of the errormessage looks like a
>general problem with your SSL.
Thanks Michael,
You guess is correct... I had a quick look at my apache server and it is a:
mod_ssl/2.0.49 OpenSSL/0.9.7d enabled binary...
I installed OpenSSL/0.9.7c for the installation of OpenCA but version 0.9.7d is still
hanging around.
I guess what I have to do is recompile apache2 with the correct OpenSSL/0.9.7c libs as
well (and not use to .deb package)
or (temporary workaround)
modify the $OPENCADIR/etc/access_control/*.xml files, change:
from:
<channel>
<type>mod_ssl</type>
<protocol>ssl</protocol>
......
<symmetric_keylength>128</symmetric_keylength>
</channel>
to:
<channel>
<type>mod_ssl</type>
<protocol>ssl</protocol>
......
<symmetric_keylength>.*</symmetric_keylength>
</channel>
For information I dig the online doc and this tips is written here:
http://www.openca.org/openca/docs/online/ch02.html#id2818559
Pascal
>
>> Debian Sarge, kernel 2.4.25-1-386
>> OpenCa 0.9.2-RC4 (Apr27, 2004)
>> Downgrade of openssl to 0.9.7c (according to the mailing-list, 0.9.7d seems to be
>> "broken" for OpenCa)
>
>Michael
>--
>-------------------------------------------------------------------
>Michael Bell Email: [EMAIL PROTECTED]
>ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
>(Computing Centre) Fax: +49 (0)30-2093 2704
>Humboldt-University of Berlin
>Unter den Linden 6
>10099 Berlin Email (private): [EMAIL PROTECTED]
>Germany http://www.openca.org
>
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: Oracle 10g
>Get certified on the hottest thing ever to hit the market... Oracle 10g.
>Take an Oracle 10g class now, and we'll give you the exam FREE.
>http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
>_______________________________________________
>Openca-Users mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/openca-users
-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver
higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
