>  > information on the RA operator is given. When I check in the DBs the RA
>  > operator certificate is in the valid certificate DB. The CA certificate is
>  > in the Valid CA certificates DB. Everything else seems to work just fine.
>  > Does anyone know what the problem might be?
>
>  Well, one possible problem is the path to the verify program inside the
>  ca.conf file. Check all the paths inside that file. Also, did you install
>  OpenSSL in /usr/local/openssl or do you have a pre-installed version of it?

I'm still having the same problem, even after having reinstalled
everything in order not to have Red Hat customized paths. Now openssl is in
/usr/local/ssl/bin (following tradition), where I also put verify and
sign. ca.conf is correctly reporting such paths.
I went just one step further, by using the option "SSLVerifyClient
require" in the Apache configuration of RAserver (I missed it the
first time), so that now the serial number of the operator is
correctly shown as the first column in the pending requests list.
However, operator data are still not available; tracing the problem,
it seems that this is because $sigstatus is false, and this is connected
to verification, but I do not know how.
Also, verification problems are still present even in the demo
CA of OpenCA: trying to test a certificate gives the following result:
...
Verification:
                  Couldn't verify the signature
      Commmand
                  /usr/local/ssl/bin/verify /tmp/signature.7317 -d /tmp/signtext.7317 -cf /usr/local/RAServer/cacert.pem > /dev/null

I should say that the rest seems to work fine.

Bye,
Vincenzo
