On Sat, Feb 10, 2007 at 10:20:42PM +0400, Arsen Hayrapetyan wrote: > Date: Sat, 10 Feb 2007 22:20:42 +0400 > From: Arsen Hayrapetyan <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: [Openca-Users] The serial number of CA root certificate > [snip]
> >> :) what OS or linux dist are you using? I've seen this behavior only > >> in Debian and reason for this is a too long serial of the CA certificate. > >> > I am using Scientific Linux CERN (SLC) 4, it is compatible with Red Hat > Enterprise Linux (RHEL) 4. The version > of OpenSSL I have is 0.9.7e. > >> You have two options: fix genCert subroutine in OpenSSL.pm so that > >> "-set_serial" openssl option is used for the CA certificate generation. > >> > I added the following line to genCert subroutine: > $command.="-set_serial 0x0"; Don't forget the tailing space: $command.="-set_serial 0x0 ", for CA cert usually number 1 for serial is used. > and issued a new certificate. It didn't help: OpenCA used the value > from $OPENCA_DIR/var/crypto/serial (it was 01). What serial number CA cert has? genCert is used for CA cert generation only. For other certs serial from $OPENCA_DIR/var/crypto/serial is used. My guess is, that CA cert's serial is causing problem, so you have to reinitialise OpenCA or to apply "bigint" patches. > >> Or you can use experimental patches named 30_bigint_serial_* from the cvs > >> > >> in the debian/patches directory. > I am afraid, they don't suit my operating system: I don't use Debian. > Those pathches aren't debian specific. You don't need'em unless you are planning to use serials that won't fit into 32bit integer. Regards, -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
