Vincenzo Della Mea wrote:
> I'm still having the same problem, even after having reinstalled all
> in order not to have redhat customized paths. Now openssl is in
> /usr/local/ssl/bin (following tradition), where I put also verify and
> sign. ca.conf is correctly reporting such paths.
Check if when instantiating a new OpenCA::OpenSSL object the line
looks like this:
$backend = new OpenCA::OpenSSL( SHELL=>$shell );
it is important the SHELL to be present and the path to correctly
point to the openssl command (check it). If the parameter is
not present when using the 'new' method it will fail - add it.
> I made just a step beyond, by using the option "SSLVerifyClient
> require" in the apache configuration of RAserver (I missed it at the
> first time), so that now the serial number of the operator is
> correctly shown as first column in the pending requests list.
Yes, the RA Server should be accessible only to RA Operators
with client verification enabled...
> However, operator data are still not available; tracing the problem,
> it seems that is because $sigstatus is false, and this is connected
> to verification, but I do not know how.
I'll check the signature verification process...
> Even because verification problems are still present even in the demo
> CA of OpenCA: trying to test a certificate gives the following result:
> ...
The DEMO on the site is a modified 0.2.0 - I'll replace ASAP with a newer
one.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
S/MIME Cryptographic Signature
