Menu
▾
▴
[OpenCA-Devel] Sign CRR Error in RA
|
From: Pablo N. <pa...@mo...> - 2006-03-31 10:51:47
|
Hi, we have a problem when sing a CRR, it gives me the follow error:
Error 6206
General Error Cannot build PKCS#7-object from extracted signature!
OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot
initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot
parse signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend
cannot verify the signature (7742075). OpenCA::OpenSSL->verify:
openca-sv failed. [Error]: error:04077068:rsa routines:RSA_verify:bad
signature
[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
[Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
depth:1 serial:818C842BA88E78BF
subject:emailAddress=ca@xxxxxxx,CN=xxxxxxxx,OU=PKI-PRUEBAS,O=PRUEBAS-xxxxxxx,C=ES
depth:0 serial:03
subject:serialNumber=3,CN=RA-Admin,OU=PKI,O=PRUEBAS-xxxxxxx,C=ES
[Info]: Signature is corrupt. Errorcode -1.
signature:error:-1
).
We have installed OpenCA en Debian testing (Openssl 0.9.8a and Mysql
4.1) with OpenCA 9.2.5 (UTF8) and Openca works in general fine (only
failed sign revocation in RA). The error happen when it use approveCRR,
exactly in.
my $signer = libGetSignatureObject( OBJECT=>$req );
if ( not $signer )
generalError ($errval, $errno);
}
The problem is returned by libGetSignatureObject, I think is possible
that req structure has not been correctly created or malformed because
the similar function in approveCSR works well.
Any idea are welcome.
Regards Pablo.
|