You can take a look in your ca or ra to see the valid certificates?
El jue, 23-06-2005 a las 09:21 +0200, M.-A. DARCHE escribió:
> Jorge Davila a écrit :
> > If this is not the first try to initialize the RA you can drop/create
> > the database for RA and inspect the $OPENCADIR/var/crypto directories to
> > search for the old certs that was created if the first tries. Of course,
> > revoke the old certs, too you can try delete the the key (primary keys
> > of the old certs in the database located in the CA - not private keys)
> >
>
> Hello Jorge, hello all,
>
> Thanks for your answer.
>
> I haven't anything certificates/fils in the RA $OPENCADIR/var/crypto
> directories except the certificates of the CA. Remember, this is a PKI
> with separate CA and RA.
>
> This is another reason I don't think the problem really comes from the
> fact that a "A Certificate with the same public key exists!" as OpenCA
> tells me. I think this error message might be wrong.
>
> The following message seems to confirm this:
> http://sourceforge.net/mailarchive/forum.php?thread_id=7366862&forum_id=2291
>
> To give more background information I should say that, apart from this
> USB token issue, the PKI actually works exactly as expected so far.
>
> And to come back to the user certificate request, when a private key is
> generated by the builtin Firefox security device, the user can request
> as much certicates he/she wants, as long as the information provided
> differs. And this is not the case with the USB token, since even a
> single user certificate request cannot be approved.
>
> It seems to me that the problem can lie in two possible areas:
> 1. bad interaction between usb token and Firefox
> 2. bad interaction between certificate request from usb token and
> OpenCA
>
> What do you think?
>
> And please, could people using USB tokens, tell me how long should
> a private key generation take when requesting a user certificate? Is
> it supposed to be so fast (less than 1 second) or does it show in my
> case that no private is generated and that the user certificate is
> actually not signed (which could be the cause the approval problem)?
>
> Cheers,
>
--
------------------------
Jorge Isaac Dávila López
--
The wise man doesn't give the right answers, he poses the right questions.
-- Claude Levi-Strauss
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id�492&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
