That didn't seem to fix it. I even went so far as to make everything in the
entire /usr/local/OpenCA directory world writable chmod -R 777 . The nobody
user exists, and is owner and group for all these files.
I reinitialized the database and went through all the init steps after I
changed the permissions. This is the transcript from the error log:
Generating RSA private key, 2048 bit long modulus
............................................................................
..........................+++
............................................................................
...............................+++
e is 65537 (0x10001)
No value provided for Subject Attribute CN, skipped
No value provided for Subject Attribute OU, skipped
make: *** get{e}[gu]id: Operation not permitted. Stop.
make: *** get{e}[gu]id: Operation not permitted. Stop.
make: *** get{e}[gu]id: Operation not permitted. Stop.
make: *** get{e}[gu]id: Operation not permitted. Stop.
General Error Trapped 512: Error while rebuilding the CA chain in
/usr/local/OpenCA/chain!<BR><BR><FONT SIZE=-1>rebuildChain<BR>make: ***
get{e}[gu]id: Operation not permitted. Stop.
</FONT><BR> at lib/misc-utils.lib line 71.
Compilation failed in require at /usr/local/apache/cgi-ca/ca line 169.
Hmm. I'll keep digging to see what I can find. Thanks for the response,
Zoran.
Chris
----- Original Message -----
From: "Zoran Markovic" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 17, 2002 3:34 PM
Subject: RE: [Openca-Users] Back to trying to get 0.8.1 working.
> Chris,
>
> I think you got some permition problem. Check permition of your OpenCA
> directory (usually under /usr/local/OpenCA - Unix). It appear that your
> web server user (ex. apache or http) does not have rights to write to
> the directory.
>
> I hope this will help.
>
> Zoran
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of
> Christopher Crowley
> Sent: Thursday, January 17, 2002 3:57 PM
> To: [EMAIL PROTECTED]
> Subject: [Openca-Users] Back to trying to get 0.8.1 working.
>
> Configuration Information:
>
> OpenCA
> (CA Manager Version 0.7.30)
> ------------------------------------------------------------------------
> ----
> ----
> Module Version
> OpenSSL 0.8.58
> Tools 0.4.3a
> DB 1.02
> Configuration 1.5.2a
> TRIStateCGI 1.5.4
> REQ 0.7.41
> X509 0.9.15
> CRL 0.7.61
> PKCS7 0.4.21a
> ------------------------------------------------------------------------
> ----
> ----
>
>
> I am going through the initialization process on CA server.
>
> I am able to do the following steps without errors:
>
> 1. Initialize Database
> 2. Generate new CA secret key;
> 3. Generate new CA Certificate Request (use generated secret key);
> 4. Export CA Certificate Request;
>
> But, when I try to:
> 5. Generate Self Signed CA Certificate (from altready generated
> request);
>
> I see this error in the error log:
> make: *** get{e}[gu]id: Operation not permitted. Stop.
>
> But, on the webpage the certificate appears to be generated (see
> certificate
> contents below).
>
> The next two initialization steps appear to function, but produce the
> same
> make error in the log.
> 6. Export CA certificate;
> 7. Import CA certificate ( approved by Root CA );
>
> And finally Rebuild CA Chain fails
> 8. Rebuild CA Chain;
>
> Error 512
> General Error. Error while rebuilding the CA chain in
> /usr/local/OpenCA/chain!
>
> rebuildChain
> make: *** get{e}[gu]id: Operation not permitted. Stop.
>
>
> Some additional data follows, which may be useful. Perhaps I need to
> completely clean all installed OpenCA contents, and try again. But if
> you
> have experienced this same problem, and were able to correct it without
> this
> step, please tell me how.
>
> Thanks in Advance,
>
> Chris
>
>
>
>
>
>
> <certificate contents>
> Following you can find the result of the generation process. Old
> certificate
> file is (private/cacert_13590.pem)
>
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 0 (0x0)
> Signature Algorithm: md5WithRSAEncryption
> Issuer: [EMAIL PROTECTED], O=Tulane University Test CA,
> C=US
> Validity
> Not Before: Jan 17 20:46:58 2002 GMT
> Not After : Jan 17 20:46:58 2004 GMT
> Subject: [EMAIL PROTECTED], O=Tulane University Test
> CA,
> C=US
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (2048 bit)
> Modulus (2048 bit):
> 00:ae:20:e7:33:9d:97:ce:87:4d:ed:34:3d:af:a6:
> 6e:9a:7f:21:a8:48:e3:e3:34:bd:a4:18:7f:57:95:
> 2e:33:4e:33:10:cf:d0:5d:2d:e0:7d:fc:fb:e2:8d:
> 1f:cb:34:f5:c6:d1:86:6d:ed:4c:40:d8:53:b1:04:
> 6f:3d:c1:a9:42:60:83:15:74:54:b5:f1:fb:19:60:
> 95:24:d1:56:12:26:e5:00:6f:cf:66:76:71:85:90:
> b9:76:49:9e:1d:91:c5:62:4c:73:4d:b2:8a:51:e5:
> a9:19:ac:eb:d0:be:46:6d:05:d5:92:51:5a:b3:57:
> 94:b6:98:a8:08:03:23:31:87:6d:20:9f:80:40:8a:
> 43:69:f2:c2:21:a7:2e:47:a2:f2:e7:d6:99:14:40:
> 03:44:a7:f2:3c:9a:fa:08:12:92:d5:a9:3e:ca:24:
> 6c:db:13:80:3c:31:c7:8c:f7:81:7a:ff:47:af:69:
> d9:fa:bd:01:62:5b:01:5e:32:bf:1e:e6:66:a7:a3:
> 8c:17:11:9e:e0:1d:dc:42:52:00:1b:6d:49:1a:5e:
> a4:32:ad:d6:43:52:08:84:1b:b8:e0:22:97:91:84:
> ff:14:53:cd:8d:c6:6b:68:7d:da:6b:d0:04:75:f0:
> cb:12:05:0e:1c:73:b5:93:70:69:b8:f8:98:78:02:
> 2e:27
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Basic Constraints: critical
> CA:TRUE
> X509v3 Subject Key Identifier:
> 32:34:F3:CB:F5:0E:D0:4F:39:15:D7:70:C6:DF:28:17:58:41:FD:18
> X509v3 Authority Key Identifier:
>
> keyid:32:34:F3:CB:F5:0E:D0:4F:39:15:D7:70:C6:DF:28:17:58:41:FD:18
>
> X509v3 Key Usage: critical
> Digital Signature, Non Repudiation, Certificate Sign, CRL
> Sign
> Netscape Cert Type:
> SSL CA, S/MIME CA, Object Signing CA
> X509v3 Subject Alternative Name:
> URI:http://ca.tcs.tulane.edu/
> X509v3 Issuer Alternative Name:
> URI:http://ca.tcs.tulane.edu/
> Authority Information Access:
> CA Issuers - URI:http://ca.tcs.tulane.edu/ca/ca.html
>
> X509v3 CRL Distribution Points:
> URI:http://ca.tcs.tulane.edu/cgi-bin/getcrl
>
> Signature Algorithm: md5WithRSAEncryption
> a0:bf:82:fc:0f:39:1a:f8:59:32:34:95:51:40:ff:37:66:1d:
> 5f:2e:81:56:39:93:65:61:fc:ef:47:ea:8a:0f:6f:21:dc:e4:
> a8:53:04:db:ab:1d:59:1a:f1:ac:da:20:1b:f1:bf:29:d4:cb:
> c4:07:f3:f1:72:e9:33:78:73:6b:61:ad:b0:88:e1:b1:45:b1:
> fe:bb:d5:5e:0f:b5:4b:82:48:7e:f7:5f:82:93:7c:86:1e:a2:
> eb:12:44:73:d0:20:eb:f4:33:ab:30:2a:c7:3e:2f:9e:e8:c7:
> 08:e4:d7:98:11:f8:90:98:0c:c4:06:da:00:9e:cc:ee:50:52:
> c1:59:d9:be:50:f9:7c:ea:19:5b:a5:9f:46:ee:57:ee:57:da:
> 1c:cf:80:5a:cc:44:58:a0:2e:74:62:02:8a:a7:8a:b0:7e:9a:
> a9:bb:39:b4:06:80:23:eb:5b:14:6a:db:e1:94:fa:ec:b4:07:
> 1f:d5:94:62:f7:68:08:42:33:83:42:f3:8e:95:12:ec:85:46:
> d0:0d:96:df:6a:26:66:3a:69:f2:d2:b6:5c:f5:98:25:ba:dc:
> e7:54:77:45:da:41:7c:81:d2:31:41:5e:8d:3a:2e:3a:4e:62:
> 3c:b4:3d:c2:24:5d:39:9b:58:d7:76:d6:88:d6:8d:7b:ba:7e:
> ff:75:60:58
>
> </certificate contents>
>
>
>
>
>
> <transcript from /usr/local/apache/logs/openca-error_log>
> Generating RSA private key, 2048 bit long modulus
> ...................+++
> ............................+++
> e is 65537 (0x10001)
> No value provided for Subject Attribute CN, skipped
> No value provided for Subject Attribute OU, skipped
> make: *** get{e}[gu]id: Operation not permitted. Stop.
> make: *** get{e}[gu]id: Operation not permitted. Stop.
> make: *** get{e}[gu]id: Operation not permitted. Stop.
> General Error Trapped 512: Error while rebuilding the CA chain in
> /usr/local/OpenCA/chain!<BR><BR><FONT SIZE=-1>rebuildChain<BR>make: ***
> get{e}[gu]id: Operation not permitted. Stop.
> </FONT><BR> at lib/misc-utils.lib line 71.
> Compilation failed in require at /usr/local/apache/cgi-ca/ca line 169.
>
> </transcript>
>
>
>
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/openca-users
>
>
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/openca-users
>
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
