From: Chris C. <ch...@ka...> - 2004-06-29 15:54:09
|
Guys, I am testing the x509 ACL functions in 0.9.2 (latest CVS). I have set the Apache access control on ssl.conf (I am running Apache 2.0.*), and set the ca.xml access control file to require x509. I have left the acl values as ".*" for the moment. When I log onto the CA (using IEv6) I get the message to "Sign the Challenge". This I do, using the certificate from the new CA. I then get the following error: Error Cannot build PKCS#7-object from extracted signature! OpenCA::PKCS7 returns errorcode 7911031. (OpenCA::PKCS7->new: Cannot initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse signature (7921031). OpenCA::PKCS7->getParsed: Cannot parse the signer (). ) General Error. 6273250. The /var/log/messages file shows this: Jun 29 16:03:43 Fedora OpenCA PKI Log Message[6487]: <?xml version="1.0" encoding="iso-8859-1" ?> <log_message> <cgi> <params> <cgisessid> <value position="0">dd8bb7fd6751d7cde1e1c673e058cdeb</value> </cgisessid> <http_cgi_script> <value position="0">ca</value> </http_cgi_script> <http_request_method> <value position="0">post</value> </http_request_method> <http_user_agent> <value position="0">mozilla/4.0 (compatible; msie 6.0; windows nt 5.1)</value> </http_user_agent> <openca_ac_channel_https_mode> <value position="0">on</value> </openca_ac_channel_https_mode> <openca_ac_channel_remote_address> <value position="0">192.168.0.114</value> </openca_ac_channel_remote_address> <openca_ac_channel_server_software> <value position="0">apache/2.0.49 (fedora) Any ideas ? Chris... |