Hi again, sorry this is really long, but I can't work out what's going on here.
When I install ca and node on a machine, and generate a key and cert, I can't download the ca cert. Here's the process:

(first I remove all of the previous install of OpenCA)

1. ./configure --enable-db --disable-dbi (and lots of other stuff..)
2. make; make install-node; make install-ca
3. configure and symlink stuff then run configure_etc.sh
4. start the openca server
5. chown apache.apache /var/db/*

(in browser at https://localhost/ca)

6. initialize db
7. create ca private key
8. create ca csr
9. create self-signed cert

Ok, all that seems to work. If I go to the ca certs now (in Information->CA Certificates->valid), and try to look at the ca cert, it says:

    Error
    Invalid signature of the role of the user 54a3a..[snip]..45b1 (Hackers on the Road?)
    The errorcode from the cryptoshell is 7742075
    OpenCA::OpenSSL->Verify:openca-sv failed.
    [Error]: error:0906D06C:PEM routines:PEM_read_bio:no start line

That user signature is the same as the ca cert's serial number. It seems to be trying to use the serial of the ca cert as a user id. Which is really strange.

10. So I go back and create an admin account with a role of CA Operator. I'm still using passwd authentication though. I don't download the keys or delete them or anything.
11. I try and look at the ca cert again, and it does the same thing with the same error message.
12. I assume that something is broken with role based authentication, so I disabled it by going to etc/access_control/ca.xml and setting <acl>no</acl>
13. Restart openca server
14. Look at the ca cert again, and it works now. It displays the cert, and has a download button at the bottom. I click on that, and I get:

    Error 700
    General Error. Cannot load certificate 54..[snip]..b1..

The cacert.pem file is in the right spot, and I can create and sign certificates using the file, and they verify fine, but dataexchange doesn't transfer the ca cert. In fact, dataexchange behaves really strangely too. It only transfers one cert, even though there's the ca cert, an admin cert, and an RA cert.

Any ideas? Maybe I need to download a newer version? (or an older one :)

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
