Re: [Openca-Users] Upgrade from 0.9.1-8 and Error 560

Thu, 23 Feb 2006 16:07:04 -0800

maybe you use IE to do the signature or do the verfity,
you can try the mozilla,maybe it is OK,
I use IE to do the signature has the same error.
but mozilla is OK


 
2006/2/24, Peter Pramberger <[EMAIL PROTECTED]>:
Hi all!

I'm currently in the process of upgrading our OpenCA installation from 0.9.1-8
to 0.9.2.5. Configuration has been adapted and the database has been reimported.
But when displaying the archived CSR's I get

  Cannot build PKCS#7-object from signature!

in the Operator column and the signature error button appears on the detail
page. The error displayed is

  General Error Signature Object not returned, check the openca-verify command.
  Cannot build PKCS#7-object from extracted signature!
  OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot
  initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse
  signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot
  verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv failed.
  [Error]: Digest mismatch. Signature is wrong.
  [Info]: Input file intialized.
  [Info]: Signaturefile initialized.
  [Info]: Reading Certificate file.
  [Info]: PKCS#7 object loaded.
  [Info]: Data is ready for verification.
  [Info]: Signature Informations (PKCS#7):
  depth:1 serial:00 subject:REMOVED
  depth:0 serial:0E subject:serialNumber=14,CN=CA Administrator,...
  [Info]: Signature is corrupt. Errorcode -1.
  signature:error:-1
  ).

I've played around a bit and rescued the tempfiles from deletion. When verifying
the signature on the command line using

  openca-sv verify -verbose -cf /var/lib/openca/crypto/cacerts/cacert.pem
  -cd /var/lib/openca/crypto/chain -data 13286.req -in 13286.sig

I get the same error as above. When I convert the request file to unix format
(dos2unix) however the verification succeeds:

  signature:ok:1

One way to convert the requests would be to untar the database export, convert
the requests and retar it before import in the new version. Is there a way to
convert the requests in the database (using DBM)?


Regards,
Peter




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users



--
Yihua Zheng

Reply via email to