> helli schrieb:
>
> Configuration Error. Missing Configuration Keyword :
> DN_TYPE_basic_BODY.
>
> The above is the message when I follow the phase 2 of
> initialization to create the initial administrator.
> I try to choose different choises when inputing the
> information of CSR to solve this problem, but it still
> appear.
> I try to find the solution in Openca-Users mailing list, and
> I just found there is one guy who encountered the same
> problem in 06/05/2002 ,Message code is 8857075.
> But it seems no body help him to solve this problem.
> So this time I hope some body can help me solve this problem
> or show me some guides,
> thanks anyway.
The message is so old because the problem was fixed in the next
snapshot. It looks like your configuration is a little bit too old or
your configuration file was corrupted.
I attached the ca.conf of my testinstallation. There you can see how the
configurationfile should look.
Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
## Configuration File for OpenCA Software Package
## (c) 1999 by Massimiliano Pala and OpenCA Group
## All Rights Reserved
## Crypto Section
## ==============
openssl "/usr/local/ssl/bin/openssl"
opensslEngine ""
sslconfig "/home/michael/OpenCA/Test/test1/OpenCA/etc/openssl/openssl.cnf"
sslindex "/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/index.txt"
sslserial "/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/serial"
VerifyPath "/home/michael/OpenCA/Test/test1/bin/openca-verify"
SignPath "/home/michael/OpenCA/Test/test1/bin/openca-sign"
MakePath "/usr/bin/make"
## Path to the signature verification program
## General Section
## ===============
## use DB or DBI here - DB is DBM-files and DBI is RDBMS
## config DBI via DBI.conf
DBmodule "DBI"
CgiLibPath "/home/michael/OpenCA/Test/test1/OpenCA/lib/functions"
CgiCmdsPath "/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/cmds"
CgiServerType "CA"
ModuleID 0
ModuleShift 8
MaxReturnedItems 30
TempDir "/home/michael/OpenCA/Test/test1/OpenCA/var/tmp"
certsIndex "/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/index.txt"
extFilesDir "/home/michael/OpenCA/Test/test1/OpenCA/etc/openssl/extfiles"
certDir "/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/certs"
SheetsDir "/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets"
IncludeDir
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/inc"
TextDir
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/txt"
## Sheets (HTML) Section
## =====================
ViewCSRSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_view_csr.html"
ViewCRRSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_view_crr.html"
pendingbasesheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_pending_reqs.html"
approvedbasesheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_approved_reqs.html"
renewbasesheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_renew_reqs.html"
deletedbasesheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_deleted_reqs.html"
archivedbasesheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_archived_reqs.html"
pendingcrrbasesheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_pending_crrs.html"
approvedcrrbasesheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_approved_crrs.html"
archivedcrrbasesheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_archived_crrs.html"
deletedcrrbasesheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_deleted_crrs.html"
NewCertsDir "/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/certs"
CRLBaseSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/issued_crls.html"
ViewCRLSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/view_crl.html"
BaseCertsList
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/issued_certs.html"
BaseSearchList
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/ca_search_list.html"
ValidCertSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/viewValidCert.html"
ViewCertSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/viewCert.html"
ViewSignatureSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/viewSignature.html"
## Batch Processors
## ================
KEY_BACKUP_KEY
"/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/keys/keybackup_key.pem"
KEY_BACKUP_CERTIFICATE
"/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/cacerts/keybackup_cert.pem"
BP_DIR "/home/michael/OpenCA/Test/test1/OpenCA/var/batch";
## use DENY, (ALLOW|OPTIONAL), (EN)FORCE
BP_KEY_BACKUP_MODE "ALLOW"
BP_DEFAULT_KEY_ALGORITHM "rsa"
BP_DEFAULT_KEY_LENGTH "1024"
BP_MINIMUM_KEY_LENGTH "1024"
BP_File_ImportNewUser "batch_new_user.txt"
BP_File_ImportUpdateUser "batch_update_user.txt"
BP_File_ImportACL "batch_acl.txt"
BP_File_ExportPIN "batch_export_pin.txt"
BP_ListUserSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/bp_list_user.html"
BP_ViewUserSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/bp_view_user.html"
BP_IssueCertificateSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/bp_issue_certificate.html"
BP_RevokeCertificateSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/bp_revoke_certificate.html"
BP_ApprovePendingCSRSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/bp_approve_pending_csr.html"
BP_ApproveRenewedCSRSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/bp_approve_renewed_csr.html"
## Images Section
## ==============
ValidSigImage "/ca/images/validSig.png"
SigErrorImage "/ca/images/sigError.png"
## Role section
## ============
OrganizationUnit "User" "RA Operator" "Web Server" "Network Server"
Country "DE"
Locality "Berlin"
## CA Initialization Section
## =========================
GenSKeySheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/genskey.html"
GenCAReqSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/gencareq.html"
GenCADBSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/gencadb.html"
GenCACertSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/gencacert.html"
## First User/RA/Public Initialization Section
## ===========================================
RegistrationAuthority "Trustcenter itself" "Help Desk 1" "Help Desk 2"
MinPinLength 10
## Basic CSR Forms
Basic_CSRStartForm
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/basic_csr_request_cert.html"
Basic_CSRConfirmForm
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/basic_csr_confirm_request.html"
Basic_CSRSuccessPage
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/request_success.html"
Basic_CSR_Keysizes "512" "768" "1024" "2048" "4096"
DN_TYPES "BASIC"
DN_TYPE_BASIC_BODY "YES"
DN_TYPE_BASIC_BASE "O" "C"
# if you have more than one OU simply add them
# this works for all possible attributes
# DN_TYPE_BASIC_ELEMENTS "EMAIL" "CN" "OU" "OU"
DN_TYPE_BASIC_ELEMENTS "emailAddress" "CN" "OU"
DN_TYPE_BASIC_NAME "Basic User Request"
DN_TYPE_BASIC_BASE_1 "Humboldt-Universitaet zu Berlin"
DN_TYPE_BASIC_BASE_2 "DE"
DN_TYPE_BASIC_ELEMENT_1 "E-Mail"
DN_TYPE_BASIC_ELEMENT_2 "Name"
DN_TYPE_BASIC_ELEMENT_3 "Certificate Request Group"
DN_TYPE_BASIC_ELEMENT_3_SELECT "Internet" "Partners" "Employees" "Trustcenter"
## Keyhandling
## ===========
ChangePasswdForm
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/change_passwd.html"
RemoveKeyForm
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/remove_key.html"
## Certificates Section
## ====================
CACertificate
"/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/cacerts/cacert.pem"
CACertificateDER
"/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/cacerts/cacert.der"
CACertificateCRT
"/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/chain/cacert.crt"
CACertDir "/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/cacerts"
ChainDir "/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/chain"
ReqDir "/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/reqs"
CAKey
"/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/keys/cakey.pem"
CRLDir "/home/michael/OpenCA/Test/test1/OpenCA/var/crypto/crls"
## Directory or device where to store backup copies of exported data
## Archivier Section
## =================
## The $dest and $orig will be replaced by the given values
## in the In/Out section and in the pendingreqs keyword.
##
## For UnpackArchive the $orig is taken from the ImportDev
## and the $dest from the pendingreqs.
##
## For CreateArchive the $dest is taken from the ExportDev
UnpackArchive "/bin/tar xvfp $orig -C $dest"
CreateArchive "/bin/tar cvfp $dest "
TestArchive "/bin/tar tvfp $dest"
## In/Out Section
## ==============
##
## The used ExportDest and ImportOrig are files used to export and/or
## import archive of Certification Requests and Issued Certificates
## (it can be used a device as well such as /dev/fd0 on a Linux
## or, if you use it on a Solaris an you want to avoid disabling
## the volume manager, use the PreIOExec and PostIOExec with a
## sequence of volcheck/mount/etc... )
## ExportDev "/tmp/openca-outca.tar"
## ImportDev "/tmp/openca-inca.tar"
ExportDev "/dev/fd0"
ImportDev "/dev/fd0"
## Commands to be executed before and/or after the impoting process
## or exporting process.
PreIOExec "eject floppy"
PostIOExec "eject floppy"
## RBAC Section
## ============
#############
# variables #
#############
## rights
RBAC on
MODULE_NAME "RA_1"
## openssl
OpenSSL_DIR "/home/michael/OpenCA/Test/test1/OpenCA/etc/openssl/openssl"
EXT_DIR "/home/michael/OpenCA/Test/test1/OpenCA/etc/openssl/extfiles"
OPENSSL_SAMPLE_CONF
"/home/michael/OpenCA/Test/test1/OpenCA/etc/openssl/sample-openssl.conf"
OPENSSL_SAMPLE_EXT
"/home/michael/OpenCA/Test/test1/OpenCA/etc/openssl/sample-openssl.ext"
# genral
RBAC_DIR "/home/michael/OpenCA/Test/test1/OpenCA/etc/rbac"
OPERATIONS_DIR "operations"
MODULES_DIR "modules"
SCRIPT_CONFIG_DIR "scripts"
ROLES_DIR "roles"
RIGHTS_DIR "rights"
##########
# sheets #
##########
## Operations
ShowOperationsSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_operations.html"
AddOperationSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/add_operation.html"
ShowPreparedOperationSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_prepared_operation.html"
## Modules
ShowModulesSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_modules.html"
AddModuleSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/add_module.html"
ShowPreparedModuleSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_prepared_module.html"
## Scripts
ShowScriptsSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_scripts.html"
AddScriptSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/add_script.html"
ShowPreparedScriptSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_prepared_script.html"
## roles
ShowRolesSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_roles.html"
AddRoleSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/add_role.html"
ShowPreparedRoleSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_prepared_role.html"
## rights
ShowRightsSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_rights.html"
SearchRightsSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/search_rights.html"
AddRightSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/add_right.html"
ShowPreparedRightSheet
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/show_prepared_right.html"
######################
## support for PKIX ##
######################
SET_REQUEST_SERIAL_IN_DN "N"
REQUEST_SERIAL_NAME "sn"
SET_CERTIFICATE_SERIAL_IN_DN "Y"
CERTIFICATE_SERIAL_NAME "serialNumber"
DN_WITHOUT_EMAIL "Y"
AUTOMATIC_SUBJECT_ALT_NAME "Y"
DEFAULT_SUBJECT_ALT_NAME "Email"
######################
## support for PINs ##
######################
USE_REQUEST_PIN NO
# secure PIN_LENGTH limits the PIN itself so please use
# SECURE_PIN_RANDOM because this option ensures the number
# of the secret random bits
# 16 x 8 = 128 bit
SECURE_PIN_LENGTH 0
SECURE_PIN_RANDOM 16
MAIL_DIR "/home/michael/OpenCA/Test/test1/OpenCA/var/mail"
CRIN_MAIL_DIR "/home/michael/OpenCA/Test/test1/OpenCA/var/mail/crins"
SERVICE_MAIL_ACCOUNT "[EMAIL PROTECTED]"
REQUEST_PIN_MAIL
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/request_pin_mail.msg"
SECURE_PIN_MAIL
"/home/michael/OpenCA/Test/test1/OpenCA/lib/servers/ca/sheets/secure_pin_mail.msg"
