Menu
▾
▴
Re: [Ejbca-develop] Issuer mismatch error
|
From: martijn.list <mar...@gm...> - 2013-02-07 19:33:57
|
Hi, On 02/07/2013 08:12 PM, Alireza Karbasian wrote: > The attached file contains the test certificates. the certificate here > is not issued for pdf signing but this is the same thing that happens to > original certificates. Verification with OpenSSL seems to be ok after conversion of ca.cer to PEM (ca.cer.pem) openssl crl -in AdminCA1\(downloadedFromEJBCA\).crl -CAfile ca.cer.pem -inform DER martijn@coolermaster:~/temp/certs$ openssl crl -in AdminCA1\(downloadedFromEJBCA\).crl -CAfile ca.cer.pem -inform DER verify OK -----BEGIN X509 CRL----- MIICLDCCARQCAQEwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5DQTEx FTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UXDTEzMDIwNzEyMzY0 N1oXDTEzMDIwODEyMzY0N1qggagwgaUwHwYDVR0jBBgwFoAU3BKuSh4TQDbsjtGJ S9LNaUfIO5gwCgYDVR0UBAMCAQIwdgYDVR0cBG8wbaBroGmGZ2h0dHA6Ly9pbGlh Y2EuaXI6ODA4MC9lamJjYS9wdWJsaWN3ZWIvd2ViZGlzdC9jZXJ0ZGlzdD9jbWQ9 Y3JsJmlzc3Vlcj1DTj1BZG1pbkNBMSxPPUVKQkNBJTIwU2FtcGxlLEM9U0UwDQYJ KoZIhvcNAQEFBQADggEBAHEj9XbM6634R2TtGOtSRGIpbML+/ZF9C/dLBxb76b21 7cOdm/DGQ7u4cfaW5iU57RRYBXZCajE7xQWRj3yyMJGBm/pn+0IXNN50sjtO6VX2 AEwFtOVxvqSph8x7DDCUK3ZFQgmBgTouigqgKfM41ipamNn/Ri9IR0PxSxXfpo30 akCMYmN/gkmSxgZNzECzdc5kAe9mp+gRemoTZLLgZonzW/bD4H4i6jhrmzD/kCp9 i95y6jSZJR4sPMpSKJ7F8Pa8U0i1H0emBHVK+i9QPBDucH4CncZObm4O/MH7+H1p u3AjjVKUSWaKl419WOvL7FbXAbt0U2IVaBq5MTPgC9o= -----END X509 CRL----- So OpenSSL thinks the CRL is ok. My own application also thinks the CRL is ok. The issue with the extra space is an OpenSSL "issue". It seems that the code for x509 outputs an extra space after : but the code for crl does not. Kind regards, Martijn Brinkers -- DJIGZO email encryption > > ------------------------------------------------------------------------ > *From:* ejbca-support <ejb...@pr...> > *To:* Alireza Karbasian <ili...@ya...>; > ejb...@li... > *Sent:* Thursday, February 7, 2013 4:55 PM > *Subject:* Re: [Ejbca-develop] Issuer mismatch error > > On 2013-02-07 14:05, Alireza Karbasian wrote: > > hello > > > > I used EJBCA (4.0.13) to issue a certificate for PDF signing. > everything seemed good and documents got signed! now when I opens my PDF > in adobe reader it tries to validate certificate against the CRL with my > CDP. it can access it but it gives me an error that "Issuer names mismatch". > > I used these commands to check the issuer names: > >>>openssl x509 -in signing.pem -issuer -noout > >>>openssl crl -in crl.pem -issuer -noout > > > > and this is the output: > > openssl x509 -in test.pem -issuer -noout > > *issuer= /CN=AdminCA1/O=EJBCA Sample/C=SE* > > openssl crl -in crl.pem -issuer -noout > > *issuer=/CN=AdminCA1/O=EJBCA Sample/C=SE* > > ** > > Hi Alireza, > I have never heard about this before, can you send a > pasted certificate for us to study? > > Cheers > Anders > tech support > > > > as you can see there is space character in the beginning of > certificate issuer DN. I googled this and came to see there are some > discussions about this and assumed that this is a bug (in opnessl > maybe)! but no solutions! > > I could not find any related configuration in EJBCA to solve this and > yet I'm not sure even that this is a bug! did anybody encountered such a > problem? is this a bug in EJBCA? any help or guide will be appreciated! > > > > > > > ------------------------------------------------------------------------------ > > Free Next-Gen Firewall Hardware Offer > > Buy your Sophos next-gen firewall before the end March 2013 > > and get the hardware for free! Learn more. > > http://p.sf.net/sfu/sophos-d2d-feb > > > > > > > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > <mailto:Ejb...@li...> > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > > > > > > ------------------------------------------------------------------------------ > Free Next-Gen Firewall Hardware Offer > Buy your Sophos next-gen firewall before the end March 2013 > and get the hardware for free! Learn more. > http://p.sf.net/sfu/sophos-d2d-feb > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
