Menu
▾
▴
[Openca-Users] Error 6273250 when signing
|
From: Markus B. <ma...@vp...> - 2007-02-21 05:50:56
|
Hi.
I am trying to install OpenCA 0.9.3-rc1 on a CentOS 4.4 machine.
I got most parts running except when I have to sign something with the
certificate in the browser (does not matter whether I use Firefox or
IE).
This is what I get after I changed the login type on the RA interface to
x509 and click the "Sign and login" button:
Error 6273250
General Error Cannot build PKCS#7-object from
extracted signature! OpenCA::PKCS7 returns
errorcode 7911031. (OpenCA::PKCS7->new: Cannot
initialize signature (7912021).
OpenCA::PKCS7->initSignature: Cannot parse
signature (7921021). OpenCA::PKCS7->getParsed:
The crypto-backend cannot verify the signature
(7742072). OpenCA::OpenSSL->verify: openca-sv
failed with errorcode 32512. This usually means
that the command openca-sv is malformed or not
present (openca-sv verify).)
I get the same error when I tried to approve a certification request on
the according page. Approve without signing works (obviously).
I imported the CA cert into the browser and ticked all the trust
settings.
openssl version on the RA machine is: OpenSSL 0.9.7a Feb 19 2003
I think I can remember reading something about problems with this
version of openssl.
If I don't have to I don't want to change the openssl version. But if
there is no other possibility how would I do that?
Just compile the latest openssl in e.g. /opt/openssl and use the
--with-openssl-prefix=/opt/openssl configure option? I tried that but I
ran into problems as well.
Also, I installed the required perl modules via CPAN. Are there
dependency issues if I compile openssl myself? What about Apache and
mod_ssl? Can I just use a costum openssl directory for OpenCA and keep
using the CentOS package for the rest of the system?
I'm thankful for any hint.
Cheers,
Markus
|