Hi all! I'm currently in the process of upgrading our OpenCA installation from 0.9.1-8 to 0.9.2.5. Configuration has been adapted and the database has been reimported. But when displaying the archived CSR's I get
Cannot build PKCS#7-object from signature! in the Operator column and the signature error button appears on the detail page. The error displayed is General Error Signature Object not returned, check the openca-verify command. Cannot build PKCS#7-object from extracted signature! OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv failed. [Error]: Digest mismatch. Signature is wrong. [Info]: Input file intialized. [Info]: Signaturefile initialized. [Info]: Reading Certificate file. [Info]: PKCS#7 object loaded. [Info]: Data is ready for verification. [Info]: Signature Informations (PKCS#7): depth:1 serial:00 subject:REMOVED depth:0 serial:0E subject:serialNumber=14,CN=CA Administrator,... [Info]: Signature is corrupt. Errorcode -1. signature:error:-1 ). I've played around a bit and rescued the tempfiles from deletion. When verifying the signature on the command line using openca-sv verify -verbose -cf /var/lib/openca/crypto/cacerts/cacert.pem -cd /var/lib/openca/crypto/chain -data 13286.req -in 13286.sig I get the same error as above. When I convert the request file to unix format (dos2unix) however the verification succeeds: signature:ok:1 One way to convert the requests would be to untar the database export, convert the requests and retar it before import in the new version. Is there a way to convert the requests in the database (using DBM)? Regards, Peter ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
