Hi, I'm currently trying to set up OpenCA 0.9.1 RC5 with a standalone CA and a networked RA.
During the initialization of the CA, Phase 1 (Initialize the Certification Authority), Step 3 (Request Setup) the generation of the new CA Certificate Request fails. The apache log sheds tears of pain about an unsupported encryption in pem_lib.c. When I'm trying to issue the openssl-command by hand used in OpenSSL.genReq I get the same error. What is the cause? Any hints are welcome! THX in advance! **** Output of OpenSSL (by hand): <<< schnipp nullnullsix:/usr/local/openca# /usr/local/ssl/bin/openssl req -new -config /usr/local/openca.0.9.1/etc/openssl/openssl.cnf -passin env:pwd -subj \/C\=DE\/O\=OpenCA\/OU\=MyUnit\/CN\=Name\ Surname\/emailAddress\=camanager\@domain\.org -key /usr/local/openca.0.9.1/var/crypto/keys/cakey.pem -out /usr/local/openca.0.9.1/var/crypto/reqs/careq.pem unable to load Private Key 17616:error:0906B072:PEM routines:PEM_get_EVP_CIPHER_INFO:unsupported encryption:pem_lib.c:469: nullnullsix:/usr/local/openca# >>> schnapp **** Output of OpenCA: <<< schnipp Error 7211031 General Error. Cannot initialize an new object of OpenCA::REQ. ([EMAIL PROTECTED], Name Surname, MyUnit, OpenCA, DE) (Subject: [EMAIL PROTECTED], CN=Name Surname, OU=MyUnit, O=OpenCA, C=DE) OpenCA::REQ->new: Cannot open infile /usr/local/openca.0.9.1/var/crypto/reqs/careq.pem for reading.. >>> schnapp **** messages in apache-log: <<< schnipp Generating RSA private key, 2048 bit long modulus ..............................................+++ ............................................................................ .....................................+++ e is 65537 (0x10001) unable to load Private Key 17616:error:0906B072:PEM routines:PEM_get_EVP_CIPHER_INFO:unsupported encryption:pem_lib.c:469: General Error Trapped 7211031: <BR>Cannot initialize an new object of OpenCA::REQ.<BR><BR> ([EMAIL PROTECTED], name surname, MyUnig, OpenCA, DE)<br> (Subject: [EMAIL PROTECTED], CN=name surname, OU=MyUnit, O=OpenCA, C=DE)<br><br> OpenCA::REQ->new: Cannot open infile /usr/local/openca.0.9.1/var/crypto/reqs/careq.pem for reading. at /usr/local/openca.0.9.1/lib/functions/misc-utils.lib line 38. Compilation failed in require at /usr/local/openca/apache/cgi-bin/ca/ca line 194. >>> schnapp **** Output of OpenCA-Debug: <<< schnipp OpenCA::OpenSSL->genReq: subject_rfc2253: [EMAIL PROTECTED], CN=Name Surname, OU=MyUnit, O=OpenCA, C=DE OpenCA::OpenSSL->genReq: subject_x500: /C=DE/O=OpenCA/OU=MyUnit/CN=Name [EMAIL PROTECTED] OpenCA::OpenSSL->genReq: command: /usr/local/ssl/bin/openssl req -new -config /usr/local/openca.0.9.1/etc/openssl/openssl.cnf -passin env:pwd -subj \/C\=DE\/O\=OpenCA\/OU\=MyUnit\/CN\=Name\ Surname\/emailAddress\=camanager\@domain\.org -key /usr/local/openca.0.9.1/var/crypto/keys/cakey.pem -out /usr/local/openca.0.9.1/var/crypto/reqs/careq.pem OpenCA::OpenSSL->genReq: error detected OpenCA::OpenSSL->genReq: original errorcode: 256 OpenCA::OpenSSL->genReq: deleting error >>> schnapp **** Versions depicted on OpenCA: <<< schnipp OpenCA (CA Manager Version 0.9.1) Module Version OpenSSL 0.9.70 Tools 0.4.3 DB 2.0.5 Configuration 1.5.3 TRIStateCGI 1.5.5 REQ 0.9.36 X509 0.9.30 CRL 0.9.11 PKCS7 0.9.12 >>> schnapp **** Version of OpenSSL: <<< schnipp nullnullsix:/usr/local/openca# /usr/local/ssl/bin/openssl version OpenSSL 0.9.7-beta3 30 Jul 2002 nullnullsix:/usr/local/openca# >>> schnapp Greetinx helmut ------------------------------------------------------- This SF.NET email is sponsored by: AMD - Your access to the experts on Hammer Technology! Open Source & Linux Developers, register now for the AMD Developer Symposium. Code: EX8664 http://www.developwithamd.com/developerlab _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
