Hi everyone,

I'm looking for some help with OpenCA version 1.1.1 installed in my environment. I installed my PKI env into OpenVZ VEs, one for the OpenCA online component and another VE for the OpenCA offline component, based on Debian 2.6.26 kernel.

All looks good: I can initialize my database correctly on MySQL after activating InnoDB functionality, and set up the CA interface using a self-signed certificate. OK so far. (The MySQL admin told me that there are two indexes in table user and user-data and I must remove one.)

I tried many times to create a self-signed certificate for my PKI, and the process seems OK. I went to the node management interface and did Upload to Higher Hierarchy of all data to create a local copy of my Root certificate, then executed Download from Higher Hierarchy of all data, and then I noticed a message that I have a bad DN and that I can't import the Root CA certificate to LDAP.

After initializing the OpenLDAP cluster N/Master with, for example, dc=example,dc=com, OK so far. In debug mode on the LDAP cluster I can see that the OpenCA insertion failed because of a Bad Distinguished Name, so I started OpenLDAP with LogLevel -1 to catch more info, but there was nothing more about the DN requested by the OpenCA insertion after running another Import process. I tried to put my $DEBUG = 1; in /usr/local/lib/openca/functions/ldap-utils.lib but there was no more explicit message in stder.log.

slapd[19012]: daemon: read active on 17
slapd[19012]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
slapd[19012]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
slapd[19012]: connection_get(17)
slapd[19012]: connection_get(17): got connid=2
slapd[19012]: connection_read(17): checking for input on id=2
slapd[19012]: ber_get_next on fd 17 failed errno=0 (Success)
slapd[19012]: connection_read(17): input error=-2 id=2, closing.    <-------- this line indicates a bad DN request
slapd[19012]: connection_closing: readying conn=2 sd=17 for close
slapd[19012]: connection_close: conn=2 sd=17
slapd[19012]: daemon: removing 17
slapd[19012]: conn=2 fd=17 closed (connection lost)
slapd[19012]: daemon: activity on 1 descriptor
slapd[19012]: daemon: activity on:

My problem is: I create a Root CA certificate like this model:

DN: CN=Root_Certification_Authority,OU=PKI,DC=example,DC=com

in the normal setup. In the CSR I can see the subject generated: "CN=Root_Certification_Authority,OU=PKI,DC=example,DC=com", and it looks OK,

* - but when I tried the next step of initialization using the self-signing request, it generated the Root certificate where the Subject changed to "CN=Root-Certification_Authority,OU=PKI" only, so I suppose that the origin of my problem resides in how to set up openssl to use the right Distinguished Name extension with DC=example,DC=com like the one used in the Certificate Signing Request.

* - My troubleshooting shows me that my CA certificate doesn't bind the right DN, so I suppose that it's "CN=Root_Certification_Authority,OU=PKI" like the one in the DN after the self-signing request, and I can agree that it is a bad DN for LDAP.

* - I found a copy of the script Self_Signed_CA.ext in the /usr/local/var/openca/tmp/ repository after that. Is it the normal operation of OpenCA?

Any valuable help would be appreciated.

Thank you in advance.
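
One way to check the mismatch described in the post before attempting the LDAP import, as an added example that is not part of the original message and is not OpenCA code: it compares the subject requested in the CSR with the subject of the issued certificate and tests whether the certificate DN lies under the directory suffix. The helper names are hypothetical; the DN strings and the dc=example,dc=com suffix are the example values quoted in the post (using the underscore spelling of the CN).

```python
# Added example (not from the post or from OpenCA). Helper names are hypothetical;
# the DN strings and the dc=example,dc=com suffix are the example values from the post.

def parse_dn(dn):
    """Split an RFC 4514 style DN string into [(TYPE, value), ...].

    Handles single-character backslash escapes such as an escaped comma.
    Hex escapes and multi-valued RDNs ('+') are not interpreted.
    """
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:                      # previous char was a backslash: keep this one literally
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ",":              # unescaped comma ends the current RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def _norm(dn):
    # Attribute types and cn/ou/dc values compare case-insensitively in LDAP.
    return [(t, v.casefold()) for t, v in parse_dn(dn)]

def dropped_rdns(csr_subject, cert_subject):
    """RDNs requested in the CSR that are absent from the certificate subject."""
    cert = _norm(cert_subject)
    return [rdn for rdn in parse_dn(csr_subject)
            if (rdn[0], rdn[1].casefold()) not in cert]

def under_suffix(dn, suffix):
    """True if dn ends with the RDNs of suffix, i.e. lies inside that naming context."""
    d, s = _norm(dn), _norm(suffix)
    return bool(s) and len(d) >= len(s) and d[len(d) - len(s):] == s

if __name__ == "__main__":
    csr = "CN=Root_Certification_Authority,OU=PKI,DC=example,DC=com"
    cert = "CN=Root_Certification_Authority,OU=PKI"
    print("dropped:", dropped_rdns(csr, cert))
    print("under suffix:", under_suffix(cert, "dc=example,dc=com"))
```

The subject strings can be taken from `openssl req -noout -subject` for the CSR and `openssl x509 -noout -subject` for the certificate, converted to the comma-separated form used here.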