I don't mean to be rude, but in my very first paragraph I stated that I have already installed it to the HD and have SecCLAB set up and running correctly. Those parts work (I can sign a cert using SecCLAB). I also downloaded the newest Firefox, which works without SecCLAB.
The problem is that when revoking as an RA, the CRR is never actually added to the db. I found 3 commands under /OPENRAROOT/openca/libs/cmds that supposedly add a CRR to the db (according to the header comments): 'approveCRR', 'approveCRRnotSigned', and 'addCRR'. The only command that will actually add the CRR is 'addCRR'. I modified the script to call it, and that will add the CRR, but more problems follow.

'viewCRR' does not seem to work AT ALL. It silently errors out (like the script has a syntax error in it somewhere) when viewing any CRR. I can't seem to find any log files for it, so it's difficult to debug. The CRR is definitely in the db, and the key matches what OpenCA is trying to display.

I then modified addCRR to work like approveCRR (by setting the status to APPROVED instead of NEW, the certificate status to REVOKED, and being signed by the RA). When I tried making a new CRL, however, the cert is not included in it.

At this point, I'm giving up on the live CD, and am probably just going to do a real install. It's just way too much of a pain to deal with for anything more complex than a simple setup.

Michael Cowart

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of CV - Otero Blasco Sergio
Sent: Thursday, June 29, 2006 8:06 AM
To: 'Ideas, tips and discussions about OpenCA installation and management.'
Subject: Re: [Openca-Users] Certificate Revocation

Hello Michael

I've got the same problem.

I read at http://www.dartmouth.edu/~deploypki/CA/OpenCA-LiveCD.html :

...
Revoke a Certificate: You will need to install Openca onto a hard drive and install an upgraded version of mozilla (or download the SecCLAB plugin for the current version) before the revocation path will function for administrators.

It seems (we) you'll need to install it onto a hard disk to be able to revoke a cert.

Cheers,
Sergio

-----Original Message-----
From: Michael Cowart [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 28, 2006 04:40 p.m.
To: [email protected]
Subject: [Openca-Users] Certificate Revocation

Hello Everyone,

I have a question regarding certificate revocation. I am using the latest version of the Dartmouth OpenCA LiveCD, which has OpenCA 0.9.2 installed. I have installed it to the hard drive, and am able to create certificates, but I cannot revoke them. I've installed the latest version of Firefox, and imported my CA and RA admin keys into it. When I go through the RA interface to revoke a cert, it pops up asking me to sign the request, which I do (just like I would when granting a cert). When the page loads back, I receive the error:

    Error Cannot load CRR from the database. General Error. 6295040.

There's no sign of a revocation request being filed, either. Here's all my version info:

    Module          Version
    OpenSSL         0.9.103
    Tools           0.4.3
    DB              0.9.99
    Configuration   1.5.3
    TRIStateCGI     1.5.5
    REQ             0.9.54
    X509            0.9.52
    CRL             0.9.22
    PKCS7           0.9.17

I've googled it, but I can't find anything on that specific error. Has anyone seen it before?

Thank you,
Michael Cowart

_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
