Here is where I found the UID was ignored and the error that I got when I use UID.
OpenCA setup
1. General -> Initialization -> Initialize the Certification Authority -> Generate new CA Certificate Request -> (fill in the information and click OK )
        Change the DN from "[EMAIL PROTECTED],CN=My CA,DC=domain,DC=com" to "[EMAIL PROTECTED],CN=My CA,uid=ca,DC=domain,DC=com" and click "OK"
        on the last screen, the Subject is "[EMAIL PROTECTED],CN=My CA,DC=domain,DC=com",

        uid is missing from the Subject.  I checked the database as well and can't see uid either.

2. General -> Initialization -> Create the initial administrator -> Edit the Request
        uid field didn't show up in the Subject section but it is ok, I can add.  fill in those information and click "OK"
        now I am on the "Waiting for Approval" screen, I can see "uid" under "Distinguished Name"..., then click "Issue Certificate"
then I got the following error..
OpenCA::OpenSSL returns errocode 7731075 (OpenCA::OpenSSL->issueCert: OpenSSL fails (7777067). Using configuration from /usr/local/openca/etc/openssl/openssl/CA_Operator.conf
Check that the request matches the signature
Signature ok
Subject Attribute uid has no known NID, skipped
The Subject's Distinguished Name is as follows
domainComponent :PRINTABLE:'COM'
domainComponent :PRINTABLE:'ThoughtWorks'
domainComponent :PRINTABLE:'Corporate-Dev'
organizationalUnitName:PRINTABLE:'People'
commonName :PRINTABLE:'ThoughtWorks Certification Authority'
serialNumber :PRINTABLE:'1'
uid:unknown object type in 'policy' configuration
error in ca



If I skip using UID in the certificate, disable "LDAP Auto Update", manually add the certificate to LDAP with modified DN, it is ok.  Is that how you make the UID work?

thanks

Barrow

dalini <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
10/26/2004 03:48 PM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Re: [Openca-Users] store the certificate under uid instead CN on ldap..

Barrow H Kwan wrote:

>
> We are using ldap for authentication.  User information is stored
> under uid=test,ou=People,dc=domain,dc=com.  We would like to store
> user certificate under the same entry instead of a different one like
> serial_no=1111,CN=test, ou=Peopld,cd=domain,dc=com.
>
> I have changed all the templates form to add the uid elements and
> re-run configure_etc.sh
>
> eg
> ...
> DN_TYPEBASIC_ELEMENTS "emailAddress" "CN" "uid" "OU"
> ...
> DN_TYPE_BASIC_ELEMENT_3 "Unix ID"
> DN_TYPE_BASIC_ELEMENT_3_MINIMUM_LENGTH 1
> .....
>
> But the uid kept being ignored by OpenCA.  What am I missing?
>
no, this can't be, i had this running with uid too already some time ago
did you change this on the ra and ca?

greetings
dalini

