[Openca-Users] New role

Mon, 24 Oct 2005 07:46:49 -0700

Hello everybody,

What happend after I added a role.

etc/rbac/roles.xml

<openca>
  <access_control>
    <roles>
      <role>User Encryption</role>
      <role>CA Operator</role>
      <role>RA Operator</role>
      <role>User</role>
      <role>Sub-CA</role>
      <role>Mail Server</role>
      <role>VPN Server</role>
      <role>Web Server</role>
    </roles>
  </access_control>
</openca>

etc/openssl/extfiles/User_Encryption.ext

basicConstraint=CA:FALSE
keyUsage = keyEncipherment, dataEncipherment, keyAgreement
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
issuerAltName=issuer:copy
crlDistributionPoints   = @cdp_section
__SUBJECT_ALT_NAME__

URI.1=http://www.elysium-os.nl/pki/Elysium_Open_Systems_test_CA.crl
           

etc/openssl/openssl/User_Encryption.conf

  <100% copy of User.ext>


the result when I enter the password for signing in the CA

      Error 6761

        General Error Error while issuing Certificate(ilt) to test (filename: /home/openca/offline/Elysium_Open_Systems_test_CA/var/tmp/03.req).


        OpenCA::OpenSSL returns errocode 7731075 (OpenCA::OpenSSL->issueCert: OpenSSL fails (7777067). Using configuration from /home/openca/offline/Elysium_Open_Systems_test_CA/etc/openssl/openssl/User_Encryption.conf
        DEBUG[load_index]: unique_subject = "yes"
        Check that the request matches the signature
        Signature ok
        ERROR: adding extensions in section default
        2488:error:2207C082:X509 V3 routines:DO_EXT_CONF:unknown extension name:v3_conf.c:123:
        2488:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:92:name=basicConstraint, value=CA:FALSE
        error in ca
        ).

For some strange reason this is not fully what I wanted ;-)
Some help please.

Marcel

Marcel Koopmans
Elysium Open Systems

------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to