[EMAIL PROTECTED] wrote: > Hello dalini, > > The routers now accept the CA certificate but refuses to accept the request > from the router? > Here is the last part of the stderror output of OpenCA. The first part only > lists all certificates already issued. >
> DEBUG: OpenCA::DBI->getResultItem: format: PEM > DEBUG: OpenCA::DBI->getResultItem: have all data > DEBUG: OpenCA::DBI->getResultItem: return item > DEBUG: OpenCA::DBI->Entering set_error ... > DEBUG: OpenCA::DBI->errno: gettext is defined > DEBUG: OpenCA::DBI->errno: new errorcode is 0 > DEBUG: OpenCA::DBI->searchItems: add an object to the returnlist > DEBUG: OpenCA::DBI->searchItems: leaving function successfully > DEBUG: OpenCA::DBI->Entering set_error ... > DEBUG: OpenCA::DBI->errno: gettext is defined > DEBUG: OpenCA::DBI->errno: new errorcode is 0 > cmds->scepCheckRequest: renewal allowed > cmds->scepCheckRequest: multiple certificates matched this request, not yet > implemented > It looks like SCEP beleives that a certificate already matches the request. > Any idea where I can look?? > cmds->scepCheckRequest: multiple certificates matched this request, not yet implemented right, this is the extended interface from martin, i think, the 'problem' is the following: there is already a former request with the exact same dn in it has this been revoked properly? maybe the database request doesn't check for the status of the old certificate... a seconde problem with this could be the openssl, since in the 0.9.7 series openssl doesn't support issuing of certificates with the same dn either (micha wrote a patch for the c version, this can be adopted for later version with some minor changes, and its a quite small patch, so not to much effort) so - if possible a plain database may help if i remember right, martin implemented the behavior like this: but a closer look into the used scepPKIOperation should show, what the code really does... and how certificates are looked up and compared... greetings dalini ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
