Hi, Johnny, It is next to impossible to help you. As instead of reading answers, you ask the same question again and again more and more loudly each time.
OpenCA philosophy is that user supplied information during ./configure stage or via config files later, both undergo nor syntactic nor semantic testing. Thus human error propagates far inside the soft and show up with quite unusual diagnostics. You place numerous config errors in your system: 1) --with-openssl-prefix=/usr/local/openssl-0.9.8 do you mean that you have /usr/local/openssl-0.9.8/bin/openssl executable in your system? If no, then your option is ignored and openssl _from the system path_ is called. 2) preparing your req with openssl-0.9.7 and then trying to issue utf8-speaking cert with 0.9.8 is a brave but not very methodical idea. Why don't you use 0.9.8 from the console as /usr/local/openssl-0.9.8/bin/openssl req ... (test it with /usr/local/openssl-0.9.8/bin/openssl version in advance) 3) when you prepare your req from the console, are you sure that your terminal is utf8-enabled? 4) For default_language option in config.xml you have to use values as listed in the file "initServer". And not the value which seems more sensible personally to you. Let me finish here, as 4 points listed above are far more than enough to bring your system down. Regards, Sergei ==================================================== At 23:14 12.08.2005, you wrote: >I did it again but I'm still getting the same error >message. I'm going to tell you what I did, maybe I >forget something. > >OpenCA Installation: >RA: > >./configure --with-language=en_GB >--with-openssl-prefix=/usr/local/openssl-0.9.8 >--with-httpd-user=apache --with-httpd-group=apache >--with-htdocs-fs-prefix=/var/www/html >--with-cgi-fs-prefix=/var/www/cgi > >make >make install-online > >Then store openssl politics files in >etc/openssl/openssl/ like User.conf > >Then store openssl extension files in >etc/openssl/extfiles/ > >Then edit roles file (etc/rbac/roles.xml) to add my >roles to the web interface. > >Then edit config.xml using these options: > > <option> > <name>default_language</name> > <value>en</value> > </option> > <option> > <name>default_charset</name> > <value>utf-8</value> > </option> > > <name>cert_chars</name> > <value>UTF8</value> > >Should I use instead of "en" "en_GB"?? > >Then I run ./configure_etc.sh and it completed >successfully. > >after that I did the same steps for the RA. Changing >my ./configure just to: > > >./configure --with-language=en_GB >--with-openssl-prefix=/usr/local/openssl-0.9.8 >--with-httpd-user=apache --with-httpd-group=apache >--with-htdocs-fs-prefix=/var/www/html >--with-cgi-fs-prefix=/var/www/cgi > >make >make install-offline > >then >./configure_etc.sh > >Then I went to configure my CA as usual, create a req >from openssl 0.9.7 using this command: > >openssl req -new -out newreq.pem -config Natural.conf > >where Natural.conf has the OIDs I need in the >certificates. >The load it in pub, process it in RA change to CA try >to issue the certificate and the Error message appears >again: > > Error 6761 > General Error Error while issuing >Certificate to Johnny Gonzalez PeЯa (filename: >/usr/local/OpenCA/var/tmp/03.req). > > > OpenCA::OpenSSL returns errocode >7731001 (OpenCA::OpenSSL->issueCert: Cannot create >X500::DN-object.). > >What do you think? >Did I forget something? > >My DB has UTF8 > >Thanks a lot, >Johnny ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
