Configuration Information:
OpenCA
(CA Manager Version 0.7.30)
----------------------------------------------------------------------------
----
Module Version
OpenSSL 0.8.58
Tools 0.4.3a
DB 1.02
Configuration 1.5.2a
TRIStateCGI 1.5.4
REQ 0.7.41
X509 0.9.15
CRL 0.7.61
PKCS7 0.4.21a
----------------------------------------------------------------------------
----
I am going through the initialization process on CA server.
I am able to do the following steps without errors:
1. Initialize Database
2. Generate new CA secret key;
3. Generate new CA Certificate Request (use generated secret key);
4. Export CA Certificate Request;
But, when I try to:
5. Generate Self Signed CA Certificate (from altready generated request);
I see this error in the error log:
make: *** get{e}[gu]id: Operation not permitted. Stop.
But, on the webpage the certificate appears to be generated (see certificate
contents below).
The next two initialization steps appear to function, but produce the same
make error in the log.
6. Export CA certificate;
7. Import CA certificate ( approved by Root CA );
And finally Rebuild CA Chain fails
8. Rebuild CA Chain;
Error 512
General Error. Error while rebuilding the CA chain in
/usr/local/OpenCA/chain!
rebuildChain
make: *** get{e}[gu]id: Operation not permitted. Stop.
Some additional data follows, which may be useful. Perhaps I need to
completely clean all installed OpenCA contents, and try again. But if you
have experienced this same problem, and were able to correct it without this
step, please tell me how.
Thanks in Advance,
Chris
<certificate contents>
Following you can find the result of the generation process. Old certificate
file is (private/cacert_13590.pem)
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: [EMAIL PROTECTED], O=Tulane University Test CA,
C=US
Validity
Not Before: Jan 17 20:46:58 2002 GMT
Not After : Jan 17 20:46:58 2004 GMT
Subject: [EMAIL PROTECTED], O=Tulane University Test CA,
C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:ae:20:e7:33:9d:97:ce:87:4d:ed:34:3d:af:a6:
6e:9a:7f:21:a8:48:e3:e3:34:bd:a4:18:7f:57:95:
2e:33:4e:33:10:cf:d0:5d:2d:e0:7d:fc:fb:e2:8d:
1f:cb:34:f5:c6:d1:86:6d:ed:4c:40:d8:53:b1:04:
6f:3d:c1:a9:42:60:83:15:74:54:b5:f1:fb:19:60:
95:24:d1:56:12:26:e5:00:6f:cf:66:76:71:85:90:
b9:76:49:9e:1d:91:c5:62:4c:73:4d:b2:8a:51:e5:
a9:19:ac:eb:d0:be:46:6d:05:d5:92:51:5a:b3:57:
94:b6:98:a8:08:03:23:31:87:6d:20:9f:80:40:8a:
43:69:f2:c2:21:a7:2e:47:a2:f2:e7:d6:99:14:40:
03:44:a7:f2:3c:9a:fa:08:12:92:d5:a9:3e:ca:24:
6c:db:13:80:3c:31:c7:8c:f7:81:7a:ff:47:af:69:
d9:fa:bd:01:62:5b:01:5e:32:bf:1e:e6:66:a7:a3:
8c:17:11:9e:e0:1d:dc:42:52:00:1b:6d:49:1a:5e:
a4:32:ad:d6:43:52:08:84:1b:b8:e0:22:97:91:84:
ff:14:53:cd:8d:c6:6b:68:7d:da:6b:d0:04:75:f0:
cb:12:05:0e:1c:73:b5:93:70:69:b8:f8:98:78:02:
2e:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
32:34:F3:CB:F5:0E:D0:4F:39:15:D7:70:C6:DF:28:17:58:41:FD:18
X509v3 Authority Key Identifier:
keyid:32:34:F3:CB:F5:0E:D0:4F:39:15:D7:70:C6:DF:28:17:58:41:FD:18
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
X509v3 Subject Alternative Name:
URI:http://ca.tcs.tulane.edu/
X509v3 Issuer Alternative Name:
URI:http://ca.tcs.tulane.edu/
Authority Information Access:
CA Issuers - URI:http://ca.tcs.tulane.edu/ca/ca.html
X509v3 CRL Distribution Points:
URI:http://ca.tcs.tulane.edu/cgi-bin/getcrl
Signature Algorithm: md5WithRSAEncryption
a0:bf:82:fc:0f:39:1a:f8:59:32:34:95:51:40:ff:37:66:1d:
5f:2e:81:56:39:93:65:61:fc:ef:47:ea:8a:0f:6f:21:dc:e4:
a8:53:04:db:ab:1d:59:1a:f1:ac:da:20:1b:f1:bf:29:d4:cb:
c4:07:f3:f1:72:e9:33:78:73:6b:61:ad:b0:88:e1:b1:45:b1:
fe:bb:d5:5e:0f:b5:4b:82:48:7e:f7:5f:82:93:7c:86:1e:a2:
eb:12:44:73:d0:20:eb:f4:33:ab:30:2a:c7:3e:2f:9e:e8:c7:
08:e4:d7:98:11:f8:90:98:0c:c4:06:da:00:9e:cc:ee:50:52:
c1:59:d9:be:50:f9:7c:ea:19:5b:a5:9f:46:ee:57:ee:57:da:
1c:cf:80:5a:cc:44:58:a0:2e:74:62:02:8a:a7:8a:b0:7e:9a:
a9:bb:39:b4:06:80:23:eb:5b:14:6a:db:e1:94:fa:ec:b4:07:
1f:d5:94:62:f7:68:08:42:33:83:42:f3:8e:95:12:ec:85:46:
d0:0d:96:df:6a:26:66:3a:69:f2:d2:b6:5c:f5:98:25:ba:dc:
e7:54:77:45:da:41:7c:81:d2:31:41:5e:8d:3a:2e:3a:4e:62:
3c:b4:3d:c2:24:5d:39:9b:58:d7:76:d6:88:d6:8d:7b:ba:7e:
ff:75:60:58
</certificate contents>
<transcript from /usr/local/apache/logs/openca-error_log>
Generating RSA private key, 2048 bit long modulus
...................+++
............................+++
e is 65537 (0x10001)
No value provided for Subject Attribute CN, skipped
No value provided for Subject Attribute OU, skipped
make: *** get{e}[gu]id: Operation not permitted. Stop.
make: *** get{e}[gu]id: Operation not permitted. Stop.
make: *** get{e}[gu]id: Operation not permitted. Stop.
General Error Trapped 512: Error while rebuilding the CA chain in
/usr/local/OpenCA/chain!<BR><BR><FONT SIZE=-1>rebuildChain<BR>make: ***
get{e}[gu]id: Operation not permitted. Stop.
</FONT><BR> at lib/misc-utils.lib line 71.
Compilation failed in require at /usr/local/apache/cgi-ca/ca line 169.
</transcript>
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
