[Openca-Users] Error 6273250 when signing

[Markus Binsteiner]

Hi.

I am trying to install OpenCA 0.9.3-rc1 on a CentOS 4.4 machine.

I got most parts running except when I have to sign something with the
certificate in the browser (does not matter whether I use Firefox or
IE).

This is what I get after I changed the login type on the RA interface to
x509 and click the "Sign and login" button:
Error 6273250
                        General Error Cannot build PKCS#7-object from
                        extracted signature! OpenCA::PKCS7 returns
                        errorcode 7911031. (OpenCA::PKCS7->new: Cannot
                        initialize signature (7912021).
                        OpenCA::PKCS7->initSignature: Cannot parse
                        signature (7921021). OpenCA::PKCS7->getParsed:
                        The crypto-backend cannot verify the signature
                        (7742072). OpenCA::OpenSSL->verify: openca-sv
                        failed with errorcode 32512. This usually means
                        that the command openca-sv is malformed or not
                        present (openca-sv verify).)

I get the same error when I tried to approve a certification request on
the according page. Approve without signing works (obviously).

I imported the CA cert into the browser and ticked all the trust
settings.

openssl version on the RA machine is: OpenSSL 0.9.7a Feb 19 2003

I think I can remember reading something about problems with this
version of openssl.

If I don't have to I don't want to change the openssl version. But if
there is no other possibility how would I do that? 

Just compile the latest openssl in e.g. /opt/openssl and use the
--with-openssl-prefix=/opt/openssl configure option? I tried that but I
ran into problems as well.

Also, I installed the required perl modules via CPAN. Are there
dependency issues if I compile openssl myself? What about Apache and
mod_ssl? Can I just use a costum openssl directory for OpenCA and keep
using the CentOS package for the rest of the system?

I'm thankful for any hint.

Cheers,
Markus



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users