Re: [Openca-Users] Bug in RA when

Mon, 21 Mar 2005 04:42:23 -0800

Ives Steglich a �crit : 

Error 700

General Error The compilation of the command cmdViewCSR failed. Can't use an undefined value as a HASH reference at /usr/local/pki-ra/OpenCA/lib/functions/crypto-utils.lib line 1149.

ok, in my install this line is like:
my $expire_ca = $cryptoShell->getNumericDate($cacert->getParsed()->{NOTAFTER});


I've got the same line.


so this means, your ca cert is not there or initialized correct
so the question is what steps did you for initializing the RA part:


Aaaah thanks a lot :-) here is an explanation :-)


first you have to init the ca, create a ca-certificate and a crl at minimum - then export this and then


I think that my CA was well configured. I did the CA cert generation
without any problem. The export seemed also to went well. I did the
following:

Dataexchange -> Enroll data to a lower level of the hierarchy -> Configuration


init ra and import this data to ra - watch the import messages if all works fine...


This part went definitely fine. I'm sure that nothing wrong happened
here. The tar export was fine and readable and the import went well. I
did the following:

Server init -> Import Configuration


Here is what I have on the RA filesystem:

/usr/local/pki-ra# ls -la  openca/var/crypto/*
-rw-r-----  1 www-data www-data   3 Mar 21 12:46 openca/var/crypto/crlnumber
-rw-r-----  1 www-data www-data   0 Mar 21 12:46 openca/var/crypto/index.txt
-rw-r-----  1 www-data www-data   3 Mar 21 12:46 openca/var/crypto/serial

openca/var/crypto/cacerts:
total 0
drwxr-s--- 2 www-data www-data 312 Mar 21 12:55 .
drwxr-s--- 8 www-data www-data 280 Mar 21 12:46 ..
lrwxrwxrwx 1 root www-data 10 Mar 21 12:46 bp_cert.pem -> cacert.pem
lrwxrwxrwx 1 root www-data 10 Mar 21 12:46 cacert.cer -> cacert.der
lrwxrwxrwx 1 root www-data 10 Mar 21 12:46 cacert.crt -> cacert.pem
-rw-r--r-- 1 www-data www-data 0 Mar 21 12:55 cacert.der
-rw-r--r-- 1 www-data www-data 0 Mar 21 12:55 cacert.pem
-rw-r--r-- 1 www-data www-data 0 Mar 21 12:55 cacert.txt
lrwxrwxrwx 1 root www-data 10 Mar 21 12:46 keybackup_cert.pem -> cacert.pem
lrwxrwxrwx 1 root www-data 10 Mar 21 12:46 log_cert.pem -> cacert.pem

openca/var/crypto/certs:
total 0
drwxr-s---  2 www-data www-data  48 Mar 21 12:46 .
drwxr-s---  8 www-data www-data 280 Mar 21 12:46 ..

openca/var/crypto/chain:
total 4
drwxr-s---  2 www-data www-data  128 Mar 21 12:55 .
drwxr-s---  8 www-data www-data  280 Mar 21 12:46 ..
lrwxrwxrwx  1 www-data www-data   10 Mar 21 12:55 .0 -> cacert.crt
-rw-r--r--  1 pki      pki      1538 Mar 21 12:49 Makefile
-rw-r--r--  1 www-data www-data    0 Mar 21 12:55 cacert.crt

openca/var/crypto/crls:
total 0
drwxr-s---  2 www-data www-data  48 Mar 21 12:46 .
drwxr-s---  8 www-data www-data 280 Mar 21 12:46 ..

openca/var/crypto/keys:
total 0
drwxr-s--- 2 www-data www-data 152 Mar 21 12:46 .
drwxr-s--- 8 www-data www-data 280 Mar 21 12:46 ..
lrwxrwxrwx 1 root www-data 9 Mar 21 12:46 bp_key.pem -> cakey.pem
lrwxrwxrwx 1 root www-data 9 Mar 21 12:46 keybackup_key.pem -> cakey.pem
lrwxrwxrwx 1 root www-data 9 Mar 21 12:46 log_key.pem -> cakey.pem

openca/var/crypto/reqs:
total 0
drwxr-s---  2 www-data www-data  48 Mar 21 12:46 .
drwxr-s---  8 www-data www-data 280 Mar 21 12:46 ..


since the error looks like, the ca cert can't be found ($cacert is not initilized...) so then the RA can't check if the requested time period will be insinde ca-validity...


Could you tell me where the ca cert ought to be in the RA please?

I thought the ca cert should be in var/crypto/cacerts/cacert.pem
a file I definitely have.


And again thanks a lot for spending time on my case,

--
Marc-Aur�le DARCHE
NUXEO (Paris, France)                     http://nuxeo.com/
Nuxeo Collaborative Portal Server (CPS)   http://www.cps-project.org/
Gestion de contenu web / portail collaboratif / logiciel libre



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to