Hi, > Ralf Hornik Mailings wrote: > > does anybody read the list who developes or works with openca? > >> when I want to approve a CSR with digital signing using Internet >> Explorer >> 6 it works well but when I do the same with an CRR (same signing >> certificate)I get the following: >> >> Error 6206 >> General Error Cannot build PKCS#7-object from extracted signature! >> OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot >> initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot >> parse >> signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot >> verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv >> failed. >> [Error]: error:04077068:rsa routines:RSA_verify:bad signature >> [Info]: Input file intialized. >> [Info]: Signaturefile initialized. >> [Info]: Reading Certificate file. >> [Info]: PKCS#7 object loaded. >> [Info]: Data is ready for verification. >> [Info]: Signature Informations (PKCS#7): >> depth:1 serial:BAAB7AAE9EDF433E >> subject:[EMAIL PROTECTED],CN=Test Root CA,OU=PKI,O=Some >> Company,C=DE >> depth:0 serial:02 >> subject:serialNumber=2,[EMAIL PROTECTED],CN=Registration >> Authority Administrator,OU=Trustcenter,O=Some Company,C=DE >> [Info]: Signature is corrupt. Errorcode -1. >> signature:error:-1 >> ). > > I believe that is a known problem because I found the following: > http://www.mail-archive.com/[email protected]/msg02824.htm
Sorry, I had a typo in that url. The correct link was: http://www.mail-archive.com/[email protected]/msg02824.html >> When I approve a user validated CRR (using CRIN) OpenCA tells me that it >> has been signed correctly but later I see a "broken singature" and "no >> pksc7 object has been created" when I view the CRR. >> >> On mozilla id doesn't create any digital signature at all, neither >> approving any C[SR]R nor login using x.509 or anything else. >> >> I tested it with Mozilla Firefox version 1.0.6 to 1.5 (secClab >> installed) and IE version 6. >> >> Can anybody help me? Is this a client side Issue? > > Perlversion 5.8.6 > Opensslversion 0.9.7a > > OpenCA > ----------------------------- > OpenSSL 0.9.135.2.11 > Tools 0.4.3 > DB 0.9.115.2.8 > Configuration 1.5.3 > TRIStateCGI 1.5.5 > REQ 0.9.61.2.1 > X509 0.9.57 > CRL 0.9.24.2.1 > PKCS7 0.9.19.2.5 It would be very nice if somebody can give me answer, or point me into the right direction. Thanks Ralf ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
