From: Markus B. <ma...@vp...> - 2007-02-21 05:50:56
|
Hi. I am trying to install OpenCA 0.9.3-rc1 on a CentOS 4.4 machine. I got most parts running except when I have to sign something with the certificate in the browser (does not matter whether I use Firefox or IE). This is what I get after I changed the login type on the RA interface to x509 and click the "Sign and login" button: Error 6273250 General Error Cannot build PKCS#7-object from extracted signature! OpenCA::PKCS7 returns errorcode 7911031. (OpenCA::PKCS7->new: Cannot initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot verify the signature (7742072). OpenCA::OpenSSL->verify: openca-sv failed with errorcode 32512. This usually means that the command openca-sv is malformed or not present (openca-sv verify).) I get the same error when I tried to approve a certification request on the according page. Approve without signing works (obviously). I imported the CA cert into the browser and ticked all the trust settings. openssl version on the RA machine is: OpenSSL 0.9.7a Feb 19 2003 I think I can remember reading something about problems with this version of openssl. If I don't have to I don't want to change the openssl version. But if there is no other possibility how would I do that? Just compile the latest openssl in e.g. /opt/openssl and use the --with-openssl-prefix=/opt/openssl configure option? I tried that but I ran into problems as well. Also, I installed the required perl modules via CPAN. Are there dependency issues if I compile openssl myself? What about Apache and mod_ssl? Can I just use a costum openssl directory for OpenCA and keep using the CentOS package for the rest of the system? I'm thankful for any hint. Cheers, Markus |