From: Ralf H. M. <ra...@be...> - 2006-07-27 14:13:40
|
Hi, > Ralf Hornik Mailings wrote: > > does anybody read the list who developes or works with openca? > >> when I want to approve a CSR with digital signing using Internet >> Explorer >> 6 it works well but when I do the same with an CRR (same signing >> certificate)I get the following: >> >> Error 6206 >> General Error Cannot build PKCS#7-object from extracted signature! >> OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot >> initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot >> parse >> signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot >> verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv >> failed. >> [Error]: error:04077068:rsa routines:RSA_verify:bad signature >> [Info]: Input file intialized. >> [Info]: Signaturefile initialized. >> [Info]: Reading Certificate file. >> [Info]: PKCS#7 object loaded. >> [Info]: Data is ready for verification. >> [Info]: Signature Informations (PKCS#7): >> depth:1 serial:BAAB7AAE9EDF433E >> subject:emailAddress=na...@te...,CN=Test Root CA,OU=PKI,O=Some >> Company,C=DE >> depth:0 serial:02 >> subject:serialNumber=2,emailAddress=RA...@te...,CN=Registration >> Authority Administrator,OU=Trustcenter,O=Some Company,C=DE >> [Info]: Signature is corrupt. Errorcode -1. >> signature:error:-1 >> ). > > I believe that is a known problem because I found the following: > http://www.mail-archive.com/ope...@li.../msg02824.htm Sorry, I had a typo in that url. The correct link was: http://www.mail-archive.com/ope...@li.../msg02824.html >> When I approve a user validated CRR (using CRIN) OpenCA tells me that it >> has been signed correctly but later I see a "broken singature" and "no >> pksc7 object has been created" when I view the CRR. >> >> On mozilla id doesn't create any digital signature at all, neither >> approving any C[SR]R nor login using x.509 or anything else. >> >> I tested it with Mozilla Firefox version 1.0.6 to 1.5 (secClab >> installed) and IE version 6. >> >> Can anybody help me? Is this a client side Issue? > > Perlversion 5.8.6 > Opensslversion 0.9.7a > > OpenCA > ----------------------------- > OpenSSL 0.9.135.2.11 > Tools 0.4.3 > DB 0.9.115.2.8 > Configuration 1.5.3 > TRIStateCGI 1.5.5 > REQ 0.9.61.2.1 > X509 0.9.57 > CRL 0.9.24.2.1 > PKCS7 0.9.19.2.5 It would be very nice if somebody can give me answer, or point me into the right direction. Thanks Ralf |