removed all x509 extensions like CA:true etc from cnf file.
Generated a 512 bit CA key & Cert with only O,OU,C .
Was able to import it into Oracle
Also signed a CSR
Able to import user certificate into oracle.
Thanx a lot guys,
especially Geoff Thorpe
and Franck martin.
bye,
vish.
Geoff Thorpe wrote:
20011120101945.KYYV13078.mta4-rme.xtra.co.nz@there">Hi there,
I have no idea what it is that is bothering Oracle 8i about your cert(s) so
I can simply make guesses here ...
On Tuesday 20 November 2001 02:32, viswanath wrote:Here are the differences found
MY CERT | VERISIGN
1) 1024-bit 1) 512-bit
2) serial no. 0 2) serial no.
52:a9:f4:24:da:67:4c:9d:af:4f:53:78:52:ab:ef:6e
3) has C,L,ST,O,OU,CN 3) has O,OU,OU only.
4)has the x509 v3 extension 4) does not have any x509 v3 extensions
Wat i did was the last differences were removed? but still it did not
work
You removed all the differences? In particular did you generate a a non-v3
cert?
A quick search on google turned up this;
http://www-rohan.sdsu.edu/doc/oracle/network803/A54088_01/conc1.htm
which mentions in passing that it doesn't support v3 certs ("for now").
There may be other things it doesn't support, but that's one they come
clean about. :-)
Another difference I noted with a quick scan was that your cert contained
email addresses - in particular these are encoded as IA5STRING whereas the
verising one has nothing but PRINTABLESTRINGs. I'd have hoped that wouldn't
make a difference but you never know - are you able to play around with
generating a few varieties of certs and importing each in turn to see if
you can find the difference between "acceptable" and "unacceptable"?
Cheers,
Geoff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
