Re: [Openca-Users] Problem with OpenCA chain verification

Sat, 15 Sep 2012 09:08:30 -0700 

stderr.log says the following to the event:

libGetSignerCertificateDB:: Signature => OpenCA::PKCS7=HASH(0xa74b560)
libGetSignerCertificateDB:: Signature Signer => HASH(0xa74ad2c)
libGetSignerCertificateDB:: Signature HAS a signer!
libGetSignerCertificateDB:: Signature DOES NOT HAVE A VALID SIGNER -> No
SERIAL!

I don't understand why cause it has a serial and the cert is valid cert and
shows up correctly in firefox store.

2012/9/15 Jorma Jormeli <jormna...@gmail.com>

> Hi,
>
> I have 1 Root CA and 2 Sub CA's. Every CA is installed with
> "install-offline install-online" so all components included, Public, CA and
> RA using same computer and same database. I can't sign anything on the Sub
> CA's with CA Operator or RA Operator certs, not even in the public
> interfaces "test certificate" section with user certs. I can tho in the
> Root CA, everything works fine.
>
> When I try to sign, I get the following error message:
>
> Error Code: 6103
>       The PKCS#7-object signals an error. The signature is not valid.
>
> PKCS#7-Error 7932039: OpenCA::PKCS7->parseDepth: There is a problem with
> the verification of the chain. ( error:2:unable to get issuer certificate)
>
> I have successfully signed Sub CA's certs in Root and delivered pem
> formatted Root Cert in the Sub CA chain directory and build up the chains
> successfully.
>
> The contens from one of the Sub CA's chain dir:
>
> lrwxrwxrwx 1 www-data www-data   10 2012-09-14 17:18 6e9f6ec0.0 ->
> cacert.crt
> -rw-r--r-- 1 www-data www-data 6634 2012-09-14 17:18 cacert.crt
> lrwxrwxrwx 1 www-data www-data   10 2012-09-14 17:18 ec912ccf.0 ->
> rootca.crt
> -rw-r--r-- 1 openca   openca   1548 2012-09-08 10:49 Makefile
> -rw-r--r-- 1 www-data www-data 7866 2012-09-14 10:17 rootca.crt
>
> Both of the .crt files contains the certs info first and then the pem code
> (---Begin Cert---... etc.), is this correct? I have also tried without the
> upper info.
>
> I have installed the authorities in firefox and added trust.
>
> Ubuntu Server 11.10
> OpenCA 1.3.0
> OpenCA tools 1.3.0
> Firefox 15.0
> OpenSSL 1.0.1c 10 May 2012
>
> I will appereciate if someone has a solution, thanks.
>
> Sincerely,
>
> Ville Helmine

------------------------------------------------------------------------------
How fast is your code?
3 out of 4 devs don\\\'t know how their code performs in production.
Find out how slow your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219672;13503038;z?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to