>>> [EMAIL PROTECTED] 05.05 10:15 >>>
>I think, this could be a problem - usually i have the dns in the subject 
>too... but i don't know - maybe you requested a serial in the cert, since 
>the ca enroll command isn't included in your e-mail ;o)

No, I didn't :-P

>in general i have deactivated the writing of serials in the subject or 
>something like this, since the serial is part of the certificate anyway

OK, I deactivated "SET_CERTIFICATE_SERIAL_IN_DN "N"" in ra.conf and ca.conf... But now 
I cannot issue the certificates anymore!!!

I generated a new CSR with the same parameters and same X550 directory content - It 
shows up at the ra and ca and I can edit it. But when I try to issue it I am asked for 
the CA key (as usual) but after that I just get a blank screen... 

Debug info is:
writing RSA key
OpenCA::Token::OpenSSL->new: class instantiated<br>
OpenCA::Token::OpenSSL->new: crypto and name present<br>
OpenCA::Token::OpenSSL->new: NAME CA<br>
OpenCA::Token::OpenSSL->new: PASSWD_PARTS 1<br>
OpenCA::Token::OpenSSL->OpenCA::Token::OpenSSL: AUTOLOAD => 
OpenCA::Token::OpenSSL::getReqAttribute<br>
OpenCA::Token::OpenSSL->OpenCA::Token::OpenSSL: AUTOLOAD => 
OpenCA::Token::OpenSSL::getCertAttribute<br>
OpenCA::Token::OpenSSL->OpenCA::Token::OpenSSL: AUTOLOAD => 
OpenCA::Token::OpenSSL::getNumericDate<br>
OpenCA::Token::OpenSSL->OpenCA::Token::OpenSSL: AUTOLOAD => 
OpenCA::Token::OpenSSL::setParams<br>
OpenCA::Token::OpenSSL->OpenCA::Token::OpenSSL: AUTOLOAD => 
OpenCA::Token::OpenSSL::issueCert<br>
OpenCA::Token::OpenSSL->OpenCA::Token::OpenSSL: AUTOLOAD => 
OpenCA::Token::OpenSSL::DESTROY<br>

What's going on now? When I undo my changes in ra.conf and ca.conf the error persists! 
Issuing another certificate (e.g. generated with the public interface) still works 
for me!

>>             X509v3 Subject Alternative Name: 
>>                 DNS:pix.*mydomain*.de, email:[EMAIL PROTECTED] 
>this looks ok, as far as i see - i'm not sure if the pix maybe falls 
>over the email in subject alternative name, but shouldn't be a problem
>
>have you tried - just to enroll again? very often - the pix then just 
>accepts the issued certificate - i haven't found out exactly why it can't 
>successfully finish the first transaction but takes the cert in the 
>second transaction... (this is for pix 515), usually there is no 
>interaction at the pki required - because the certificate is already 
>issued, if the request stays the same

I tried this as well - with the same result...

>greetings
>dalini

thanks for your answer,

jörg




