Jorge Davila a écrit :
If this is not the first try to initialize the RA you can drop/create
the database for RA and inspect the $OPENCADIR/var/crypto directories to
search for the old certs that was created if the first tries. Of course,
revoke the old certs, too you can try delete the the key (primary keys
of the old certs in the database located in the CA - not private keys)
Hello Jorge, hello all,
Thanks for your answer.
I haven't anything certificates/fils in the RA $OPENCADIR/var/crypto
directories except the certificates of the CA. Remember, this is a PKI
with separate CA and RA.
This is another reason I don't think the problem really comes from the
fact that a "A Certificate with the same public key exists!" as OpenCA
tells me. I think this error message might be wrong.
The following message seems to confirm this:
http://sourceforge.net/mailarchive/forum.php?thread_id=7366862&forum_id=2291
To give more background information I should say that, apart from this
USB token issue, the PKI actually works exactly as expected so far.
And to come back to the user certificate request, when a private key is
generated by the builtin Firefox security device, the user can request
as much certicates he/she wants, as long as the information provided
differs. And this is not the case with the USB token, since even a
single user certificate request cannot be approved.
It seems to me that the problem can lie in two possible areas:
1. bad interaction between usb token and Firefox
2. bad interaction between certificate request from usb token and
OpenCA
What do you think?
And please, could people using USB tokens, tell me how long should
a private key generation take when requesting a user certificate? Is
it supposed to be so fast (less than 1 second) or does it show in my
case that no private is generated and that the user certificate is
actually not signed (which could be the cause the approval problem)?
Cheers,
--
Marc-Aurèle DARCHE
NUXEO (Paris, France) http://nuxeo.com
Nuxeo Collaborative Portal Server http://www.nuxeo.com/cps
Gestion de contenu web / portail collaboratif / groupware / open source
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
