Kurt Hockenmaier wrote: > Hi Martin, > > I'm shure there is no certificate with CN=home-pix.home.de within the > database, so I used "unstructuredName". > but then they code shouldn't complain about an already existing certificate in the database... maybe there are more then one pending request with the same dn/subject in the db?
> The RA is working fine with this, but now the CA is complaining: > > OpenCA Allgemeiner Fehler 700: The compilation of the command > cmdIssueCertificate failed. openssl syntax for multi-valued RDNs is > unknown at /usr/lib/perl5/vendor_perl/5.8.7/X500/DN.pm line 104<br> If you edit the request, you should NOT use the available + connected fields in the subject name: this is like the request my look like: name value name value name1 value1 + name1 value2 + namex value x you should transform it into name value name value name1 value1 name2 value2 namex vlauex and make sure that the + connected fields from the request are empty! as i just saw, your certificates have the form: Subject: C=DE, O=XEN Test RA, OU=Trustcenter, CN=apache/serialNumber=5 usually cisco-devices don't like it to get an certificate back with an changed cn, you are not at this stage yet but if the device rejects the certificate you should disable this atomatic attachment of the serial number in the cn... this can be changed in etc/servers/##.conf.template (## = ra, ca, usw. Value: SET_CERTIFICATE_SERIAL_IN_DN) to enable or disable it greetings dalini ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
