Hi Jeremie,
backup and pasted the var/crypto/ folders with the cacert and private key from my working server to the new server but when it comes to issue a new cert request or a new crl, my CA passphrase fails.I've got the following messages in the CA interface after entering the CApassphrase: - for new CSR signing request : Error 6702: General Error Cannotuse the private key of the CA (7113050). Wrong passphrase for private key! - For new CRL building: Initializing CA token ... ECHEC OpenCA::Token errorcode: 7113050 OpenCA::Token errormessage: Wrong passphrase for private key!
Hmm that seems strange...Can you first have a look into the cakey.pem file - is it a regular PEM encoded key ? (should look like:
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,ED8534.... ...some lines of chars.... -----END RSA PRIVATE KEY----- If it looks like this you can try the password on the key with > openssl rsa -in cakey.pem -nooutDo you have any special chars in the passphres ? Well known troublemakers are $<>= - if so try to change the passphrase
> openssl rsa -in cakey.pem.old -des3 -out cakey.pem.new Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
