Re: [Openca-Users] Failing to Approve Request without Signing from iKey3000 USB token

Wed, 22 Jun 2005 17:13:35 -0700 

If this is not the first try to initialize the RA you can drop/create
the database for RA and inspect the $OPENCADIR/var/crypto directories to
search for the old certs that was created if the first tries. Of course,
revoke the old certs, too you can try delete the the key (primary keys
of the old certs in the database located in the CA - not private keys) 

El mié, 22-06-2005 a las 22:53 +0200, M.-A. DARCHE escribió:
> Hello list,
> 
> 
> Common Information
> ------------------------------------------------
> OpenCA Version  : 0.9.2.2
> Perl Version    : 5.8.4
> OpenSSL Version : 0.9.7e
> OpenLDAP        :  2.1.30
> PostgreSQL      : 7.4.7-2
> Operating System: Stock Debian Sarge + 2.6.8-386
> Used Language(s): default (English)
> Special Changes : None
> Database initialized : y
> Database interface   : DBI with PostgreSQL
> Type of Installation : different Systems, 1 for CA and 1 for RA
> Used Browsers and mailers : Firefox, Thunderbird
> Smart card/USB
>    * openct         : 0.6.4
>    * opensc         : 0.9.6
>    * mozilla-opensc : 0.9.6
> ------------------------------------------------
> 
> 
> Problem Description
> -------------------
> I get an error when I try, with the RA, to Approve a certificate
> Request without Signing with a request generated from an
> iKey3000 USB token:
> 
>    Error 700
>    General Error A Certificate with the same public key exists!
>    This is a keycompromise of the certificates with the serial:
>    1
>    2
>    ...
>    Please revoke the certificates and delete the request.
> 
> 
> I have read Pierre Lhostis messages about almost exactly the same thing:
> http://sourceforge.net/mailarchive/forum.php?thread_id=7366862&forum_id=2291
> But Pierre's solution (cache_pins = true) doesn't solve the problem this
> time :-(
> 
> I have tried to change almost all the parameters in the opensc.conf
> file, as well as removing/inserting the USB token and closing/restarting
> Firefox with no success.
> 
> Just like Pierre, the USB token doesn't seem to create any private key
> on its one since the operation is finnished almost instantly compared to
> when it used to be the browser (Firefox) which did the private key
> generation.
> 
> I would be very pleased to give anyone more information and test any
> proposed solution :-)
> 
> Cheers,
> 
-- 
                                                               
------------------------
Jorge Isaac Dávila López
--

The wise man doesn't give the right answers, he poses the right questions.
-- Claude Levi-Strauss
        




-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to