[Openca-Users] Problem with OpenCA chain verification

Sat, 15 Sep 2012 06:22:52 -0700 

Hi,

I have 1 Root CA and 2 Sub CA's. Every CA is installed with
"install-offline install-online" so all components included, Public, CA and
RA using same computer and same database. I can't sign anything on the Sub
CA's with CA Operator or RA Operator certs, not even in the public
interfaces "test certificate" section with user certs. I can tho in the
Root CA, everything works fine.

When I try to sign, I get the following error message:

Error Code: 6103
      The PKCS#7-object signals an error. The signature is not valid.

PKCS#7-Error 7932039: OpenCA::PKCS7->parseDepth: There is a problem with
the verification of the chain. ( error:2:unable to get issuer certificate)

I have successfully signed Sub CA's certs in Root and delivered pem
formatted Root Cert in the Sub CA chain directory and build up the chains
successfully.

The contens from one of the Sub CA's chain dir:

lrwxrwxrwx 1 www-data www-data   10 2012-09-14 17:18 6e9f6ec0.0 ->
cacert.crt
-rw-r--r-- 1 www-data www-data 6634 2012-09-14 17:18 cacert.crt
lrwxrwxrwx 1 www-data www-data   10 2012-09-14 17:18 ec912ccf.0 ->
rootca.crt
-rw-r--r-- 1 openca   openca   1548 2012-09-08 10:49 Makefile
-rw-r--r-- 1 www-data www-data 7866 2012-09-14 10:17 rootca.crt

Both of the .crt files contains the certs info first and then the pem code
(---Begin Cert---... etc.), is this correct? I have also tried without the
upper info.

I have installed the authorities in firefox and added trust.

Ubuntu Server 11.10
OpenCA 1.3.0
OpenCA tools 1.3.0
Firefox 15.0
OpenSSL 1.0.1c 10 May 2012

I will appereciate if someone has a solution, thanks.

Sincerely,

Ville Helmine

------------------------------------------------------------------------------
How fast is your code?
3 out of 4 devs don\\\'t know how their code performs in production.
Find out how slow your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219672;13503038;z?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to