Hi,
I'm working with OpenCa 0.9.0-2 and openldap 2.0.23
After installation, I've initialised the CA, operator and RA server.
Then I've exported the CA root certificate, (Update LDAP ->
CA-certificates), withouth any problem.
But when I've tried to export operator and server certificate, (Update LDAP
-> Certificates), I've got the following errors:
Certificate 1 FAILED
Certificate 2 FAILED
To get more details I've put DEBUG = 1 in ldap-utils.lib for addLDAPobject
and addLDAPattribute.
Below follows the output, first for ca-certificates (right exported), and
second for normal certificates (errors):
CA CERTIFICATE FOLLOW
-----------------------------------------------------------------------------------------
Exporting valid ca-certificates to LDAP ...
(Please wait until operation completes)
Checking for a special DN where to store CA-certificates ...
There is no special DN specified.
Adding valid CA-certificates to the LDAP server ...Information of
the Object:
dn [EMAIL PROTECTED],CN=CA
root,OU=Root CA,OU=CA base,O=Metacampus PKI
des090,C=ES
cn CA root
serID 0
email [EMAIL PROTECTED]
ou ARRAY(0x8983d7c)
o Metacampus PKI des090
l
st
c ES
End of the information of the Object.
element of baseDN: O=Metacampus PKI des090
element of baseDN: C=ES
element of the inserted DN:
[EMAIL PROTECTED]
element of the inserted DN: CN=CA root
element of the inserted DN: OU=Root CA
element of the inserted DN: OU=CA base
element of the inserted DN: O=Metacampus PKI des090
element of the inserted DN: C=ES
Checking RootDN of Certificate ...
Inserted DN BaseDN
h_basedn: ES
h_dn: ES
h_basedn_attribute: C
h_dn_attribute: C
h_basedn: Metacampus PKI des090
h_dn: Metacampus PKI des090
h_basedn_attribute: O
h_dn_attribute: O
Checking the length of the DN of the Certificate ...
Building the missing nodes of the LDAP-tree ...
Try to add O=Metacampus PKI des090,C=ES ...
LDAP Schema DN: O=Metacampus PKI des090,C=ES
node doesn't exist
Attributes for the insertion:
o = Metacampus PKI des090
authorityRevocationList;binary =
certificateRevocationList;binary =
cACertificate;binary =
objectclass = ARRAY(0x89a33b8)
Must setup a CA-cert
The resultcode of the nodeinsertion was 0.
Try to add OU=CA base,O=Metacampus PKI des090,C=ES ...
LDAP Schema DN: OU=CA base,O=Metacampus PKI
des090,C=ES
node doesn't exist
Attributes for the insertion:
ou = ARRAY(0x89bb7f0)
authorityRevocationList;binary =
certificateRevocationList;binary =
cACertificate;binary =
objectclass = ARRAY(0x89f6f50)
Must setup a CA-cert
The resultcode of the nodeinsertion was 0.
Try to add OU=Root CA,OU=CA base,O=Metacampus PKI
des090,C=ES ...
LDAP Schema DN: OU=Root CA,OU=CA base,O=Metacampus
PKI des090,C=ES
node doesn't exist
Attributes for the insertion:
ou = ARRAY(0x89f70dc)
authorityRevocationList;binary =
certificateRevocationList;binary =
cACertificate;binary =
objectclass = ARRAY(0x89f4ffc)
Must setup a CA-cert
The resultcode of the nodeinsertion was 0.
Try to add CN=CA root,OU=Root CA,OU=CA
base,O=Metacampus PKI des090,C=ES ...
LDAP Schema DN: CN=CA root,OU=Root CA,OU=CA
base,O=Metacampus PKI des090,C=ES
node doesn't exist
Attributes for the insertion:
objectclass = ARRAY(0x89f7100)
o = Metacampus PKI des090
authorityRevocationList;binary =
certificateRevocationList;binary =
cACertificate;binary =
Must setup a CA-cert
The resultcode of the nodeinsertion was 0.
Try to add
[EMAIL PROTECTED],CN=CA
root,OU=Root CA,OU=CA base,O=Metacampus PKI
des090,C=ES ...
LDAP Schema DN:
[EMAIL PROTECTED],CN=CA
root,OU=Root CA,OU=CA base,O=Metacampus PKI
des090,C=ES
node doesn't exist
Attributes for the insertion:
objectclass = ARRAY(0x89c8224)
o = Metacampus PKI des090
authorityRevocationList;binary =
certificateRevocationList;binary =
cACertificate;binary =
Must setup a CA-cert
The resultcode of the nodeinsertion was 0.
addLDAPattribute: DN=
[EMAIL PROTECTED],cn=CA
root,ou=Root CA,OU=CA base,o=Metacampus PKI
des090,c=ES
attr: cACertificate;binary
LDAP Searchfilter: (cACertificate;binary=*)
LDAP Search Mesg-Code 0
LDAP Search Mesg-Count 1
Starting LDAP-modify: dn is
[EMAIL PROTECTED],cn=CA
root,ou=Root CA,OU=CA base,o=Metacampus PKI
des090,c=ES
Success (Attribute successfully inserted.)
Certificate 0 OK
� 1998-2002 by Massimiliano Pala and the OpenCA Group.
LDAP Administration Gateway - Version 0.9.0
-----------------------------------------------------------------------------------------
NORMAL CERTIFICATES FOLLOW
-----------------------------------------------------------------------------------------
Updating certificates on the LDAP server
(Please wait until operation completes)
Exporting valid certificates to LDAP ...Information of the Object:
dn serialNumber=01,CN=Miquel Golobart 0902,OU=Root
operator,OU=CA base,O=Metacampus PKI des090,C=ES
cn Miquel Golobart 0902
serID 1
email [EMAIL PROTECTED]
ou ARRAY(0x897cbd8)
o Metacampus PKI des090
l
st
c ES
End of the information of the Object.
element of baseDN: O=Metacampus PKI des090
element of baseDN: C=ES
element of the inserted DN: serialNumber=01
element of the inserted DN: CN=Miquel Golobart 0902
element of the inserted DN: OU=Root operator
element of the inserted DN: OU=CA base
element of the inserted DN: O=Metacampus PKI des090
element of the inserted DN: C=ES
Checking RootDN of Certificate ...
Inserted DN BaseDN
h_basedn: ES
h_dn: ES
h_basedn_attribute: C
h_dn_attribute: C
h_basedn: Metacampus PKI des090
h_dn: Metacampus PKI des090
h_basedn_attribute: O
h_dn_attribute: O
Checking the length of the DN of the Certificate ...
Building the missing nodes of the LDAP-tree ...
Try to add O=Metacampus PKI des090,C=ES ...
LDAP Schema DN: O=Metacampus PKI des090,C=ES
node exists
Try to add OU=CA base,O=Metacampus PKI des090,C=ES ...
LDAP Schema DN: OU=CA base,O=Metacampus PKI
des090,C=ES
node exists
Try to add OU=Root operator,OU=CA base,O=Metacampus
PKI des090,C=ES ...
LDAP Schema DN: OU=Root operator,OU=CA
base,O=Metacampus PKI des090,C=ES
node exists
Try to add CN=Miquel Golobart 0902,OU=Root
operator,OU=CA base,O=Metacampus PKI des090,C=ES ...
LDAP Schema DN: CN=Miquel Golobart 0902,OU=Root
operator,OU=CA base,O=Metacampus PKI des090,C=ES
node doesn't exist
Attributes for the insertion:
objectclass = ARRAY(0x8a1b008)
cn = Miquel Golobart 0902
sn = Golobart 0902
ou = ARRAY(0x8a1b0f8)
o = Metacampus PKI des090
mail = [EMAIL PROTECTED]
Must setup a normal cert
The resultcode of the nodeinsertion was 65.
Certificate 1 FAILED
Information of the Object:
dn serialNumber=02,CN=metacampus.sema.es,OU=Root
RA,OU=CA base,O=Metacampus PKI des090,C=ES
cn metacampus.sema.es
serID 2
email [EMAIL PROTECTED]
ou ARRAY(0x899cb48)
o Metacampus PKI des090
l
st
c ES
End of the information of the Object.
element of baseDN: O=Metacampus PKI des090
element of baseDN: C=ES
element of the inserted DN: serialNumber=02
element of the inserted DN: CN=metacampus.sema.es
element of the inserted DN: OU=Root RA
element of the inserted DN: OU=CA base
element of the inserted DN: O=Metacampus PKI des090
element of the inserted DN: C=ES
Checking RootDN of Certificate ...
Inserted DN BaseDN
h_basedn: ES
h_dn: ES
h_basedn_attribute: C
h_dn_attribute: C
h_basedn: Metacampus PKI des090
h_dn: Metacampus PKI des090
h_basedn_attribute: O
h_dn_attribute: O
Checking the length of the DN of the Certificate ...
Building the missing nodes of the LDAP-tree ...
Try to add O=Metacampus PKI des090,C=ES ...
LDAP Schema DN: O=Metacampus PKI des090,C=ES
node exists
Try to add OU=CA base,O=Metacampus PKI des090,C=ES ...
LDAP Schema DN: OU=CA base,O=Metacampus PKI
des090,C=ES
node exists
Try to add OU=Root RA,OU=CA base,O=Metacampus PKI
des090,C=ES ...
LDAP Schema DN: OU=Root RA,OU=CA base,O=Metacampus
PKI des090,C=ES
node exists
Try to add CN=metacampus.sema.es,OU=Root RA,OU=CA
base,O=Metacampus PKI des090,C=ES ...
LDAP Schema DN: CN=metacampus.sema.es,OU=Root
RA,OU=CA base,O=Metacampus PKI des090,C=ES
node doesn't exist
Attributes for the insertion:
objectclass = ARRAY(0x8a18e78)
cn = metacampus.sema.es
sn = metacampus.sema.es
ou = ARRAY(0x8a1b260)
o = Metacampus PKI des090
mail = [EMAIL PROTECTED]
Must setup a normal cert
The resultcode of the nodeinsertion was 65.
Certificate 2 FAILED
Removing revoked certificates from LDAP ...
Removing suspended certificates from LDAP ...
� 1998-2002 by Massimiliano Pala and the OpenCA Group.
LDAP Administration Gateway - Version 0.9.0
-----------------------------------------------------------------------------------------
Can anyone helps me?
Thanks in advance.
------------------------------------------------------------------
This email is confidential and intended solely for the use of the individual to whom
it is addressed. Any views or opinions presented are solely those of the author and do
not necessarily represent those of SchlumbergerSema.
If you are not the intended recipient, be advised that you have received this email in
error and that any use, dissemination, forwarding, printing, or copying of this email
is strictly prohibited.
------------------------------------------------------------------
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
