Bernd Probst wrote:
The certs are marked as active, but i can see no serial number at the ca certificate in the pix. Is this correct??
yes this correct, since the ca-cert has a serial number of zero ;o) which pix interpretes as not available...
I tried to edit the request with the correct DN. Then OpenCA was able to issue the certificate, butyeah - i have some ideas ;o)
nevertheless the PIX was not able to show this certificate with "show ca cert". But the pending request
(Pending 102) at PIX trace was changed to granted (Granted 100). I thought this is it. But NO!!! The PIX shows only the ra and the ca certificate !!! Has anyone an idea what went wrong ???
Third you use OpenSSL 0.9.7. Explanation:
1. Subject you want to create:
unstructuredAddress=vpn.hu-berlin.de+cn=vpn.hu-berlin.de,o=hu-berlin,c=DE
2. Result with 0.9.7
unstructuredAddress="vpn.hu-berlin.de+cn=vpn.hu-berlin.de" o=hu-berlin c=DE
The PIX doesn't know this server of course. Only the new OpenSSL snapshots support such special subjects. You can install OpenCA with an OpenSSL 0.9.7 and later you can configure OpenSSL 0.9.8 aka SNAPs in token.xml for the CA token.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
