Re: [Openca-Users] serial(number)-file and new certs filename

Wed, 09 May 2001 05:24:41 -0700 



Michael Bell wrote:
> 
> Sascha M�ller schrieb:
> >
> > Hello OpenCa-Users,
> >
> > Does anybody have had this problem:
> >
> > If I try to certificate an user-CSR (via the CA-Webinterface), the new
> > generated user-certificate-file has the serial number as its name. The
> > problem is, that the serial number in the serial-file is in hex, while
> > the filename is the serial-number in decimal. Because of this, i get an
> > error-message, complaining the file could not be found.
> >
> > Example:
> > File CA/stuff/serial:
> > ------snip-----
> > 10
> > ------snip-----
> >
> > After trying to certificate there is a new cert:
> > /var/lib/CA/certs/new/10.pem
> >
> > and the error-message is:
> > ------snip-----
> > Error Trapped: Cannot access /var/lib/CA/certs/new/16.pem
> > ------snip-----
> >
> > Help would be very fine ....
> >
> > Alles Gute
> > Sascha
> 
> Which version or snapshot do you use?

I use the OpenCA RPMs by kuko and openssl 0.9.6
I found out that in the ca cgi script the function issueCertificate
parses the output from the "openssl ca ..."-command to get the serial
number. After i modified the patter-matching rule, i was able to get the
serial number in hex in place of decimal. 

Now the filename for the new cert is th right one.

Now i have a new problem:
The cert is stored in certs/new, then the stuff/archieved_reqs.db and
the stuff/issued_certs.db are updated, and then i get this error in the
apache log:
-----snip-----
....
Write out database with 1 new entries
Data Base Updated
ndbm store returned -1, errno 22, key "" at /home/httpd/ca-cgi/ca line
1659, <FD> chunk 3.
-----snip-----

Sascha


Just for informatial purpose:
This is how i modified th pattern-matching rule:
I changed
----snip-----
( $ser ) = ( $val =~ /serial.*?:[\s]*([\d\w]+)/i );
----snip-----
to
----snip-----
( $ser ) = ( $val =~ /serial.*?:[\s]*.*?[0][x]([\d\w]+)/i );
----snip-----


-- 
******************************************************************
Sascha M�ller 
Fachhochschule K�ln, Zentrum f�r Informationstechnologie (ZI),
zentrale Arbeitsstelle Multimedia (zAM)
50678 K�ln, Claudiusstr. 1, Tel: +49-221-8275-3935 Fax:-3131
mailto:[EMAIL PROTECTED], http://www.zi.fh-koeln.de/
PGP-Key:                        finger [EMAIL PROTECTED]

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to