Vincenzo Della Mea wrote:

> >  > information on the RA operator is given. When I check in the DBs the RA
> >  > operator certificate is in the valid certificate DB. The CA certificate is
> >  > in the Valid CA certificates DB. Everything else seems to work just fine.
> >  > Does anyone know what the problem might be?
> >
> >  Well, one possible problem is the path to the verify program inside
> >  the ca.conf file. Check all the paths inside that file. Also did you
> >  install OpenSSL in /usr/local/openssl or do you have a pre-installed
> >  version of it ???
>
> I'm still having the same problem, even after having reinstalled all
> in order not to have redhat customized paths. Now openssl is in
> /usr/local/ssl/bin (following tradition), where I put also verify and
> sign. ca.conf is correctly reporting such paths.
> I made just a step beyond, by using the option "SSLVerifyClient
> require" in the apache configuration of RAserver (I missed it at the
> first time), so that now the serial number of the operator is
> correctly shown as first column in the pending requests list.
> However, operator data are still not available; tracing the problem,
> it seems that it is because $sigstatus is false, and this is connected
> to verification, but I do not know how.
> Even because verification problems are still present even in the demo
> CA of OpenCA: trying to test a certificate gives the following result:
> ...
> Verification:
>                   Couldn't verify the signature

    I can say this is a good result, because last night I checked the Perl code.
    I realized this section was not completed.

    testcert:
    line about 12?
    if ( system($command)){
                    :
                    :
   The command will return a status like this if checking is successful:
======================================================
   depth=1 [EMAIL PROTECTED]
   CN=CA OU=OpenCA  O=Blah C=TW
   verify return:1
   depth=0 [EMAIL PROTECTED]
   CN=rao OU=OpenCA  O=Blah C=TW
   verify return:1
   signer info Signed time:Nov 30 11:02:47 2000 GMT
   done
======================================================
   And this "system" call will always return a non-zero value,
   so the message will be "Couldn't verify the signature" forever.


begin:vcard 
n:Chang;Liang-Hao
tel;home:(03)4376926
tel;work:(03)4563171-4707
x-mozilla-html:FALSE
org:ICQ: 48578759;Graduated Student of CYCU ICE
adr:;;;;;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Macleod (���J��)
fn:Liang-Hao Chang
end:vcard
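
An added example, not part of the original message or of OpenCA's code: Perl's system() returns the child's wait status, which is 0 when the command exits successfully, so a branch written as `if (system($command))` is taken on failure. The sketch below captures the verifier's output, decodes the exit code, and checks the `verify return:` lines quoted above. The names run_capture and signature_ok, the acceptance policy, and the child perl process standing in for the real verify program are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the success output quoted in the message above.
my $SAMPLE = <<'END';
depth=1 [EMAIL PROTECTED]
CN=CA OU=OpenCA  O=Blah C=TW
verify return:1
depth=0 [EMAIL PROTECTED]
CN=rao OU=OpenCA  O=Blah C=TW
verify return:1
signer info Signed time:Nov 30 11:02:47 2000 GMT
done
END

# Run a command without a shell (list-form pipe open), capture its output
# and decode the wait status that close() leaves in $?.
sub run_capture {
    my @cmd = @_;
    open(my $fh, '-|', @cmd) or return (undef, "cannot start $cmd[0]: $!");
    local $/;                      # slurp mode: read all output at once
    my $out = <$fh>;
    close($fh);                    # sets $? to the child's wait status
    return (undef, "killed by signal " . ($? & 127)) if $? & 127;
    return ($? >> 8, defined $out ? $out : '');
}

# Hypothetical policy: accept only if the exit code is 0, at least one
# "verify return:" line is present, and every such line reports 1.
sub signature_ok {
    my ($exit, $out) = @_;
    return 0 unless defined $exit && $exit == 0;
    my @results = $out =~ /^\s*verify return:(\d+)\s*$/mg;
    return 0 unless @results;
    return (grep { $_ != 1 } @results) ? 0 : 1;
}

# Stand-in for the real verify program (assumption): a child perl that
# prints the sample and exits with the given code, first 0 and then 1.
for my $code (0, 1) {
    my ($exit, $out) = run_capture($^X, '-e',
        'print $ARGV[0]; exit $ARGV[1]', $SAMPLE, $code);
    printf "exit=%s -> %s\n", $exit // 'n/a',
        signature_ok($exit, $out) ? 'signature verified'
                                  : "couldn't verify the signature";
}
```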
