Hello,
We have a setup using one offline root CA and several Sub-CAs. We want to use one of these Sub-CAs to manage the Administrator certificates for all other Sub-CAs.
Is it possible to use only one of the Sub-CAs to issue CA Operator certificates for use on all other Sub-CAs?
When signing a certificate request on another Sub-CA where the signing certificate's serial number exists in the database, we get the following error:
Error 700
General Error Signer's certificate is corrupt!
OpenCA::X509 returns errorcode 7411021 (OpenCA::X509->new: Cannot initialize certificate (7412011). OpenCA::X509->init: No certificate present.).
It seems as if OpenCA looks for the admin certificate's serial number in its own database and not at the certificate itself. When we try to sign the request with an admin certificate where the serial number is not in the database, we get the error message that the serial number could not be found in the database.
Error 700
General Error Cannot find the certificate with the matching serial in the database!
Is this possible, and if yes, what are we doing wrong?
With Kind Regards
Max Schmid
T-Systems International GmbH
SL Network Services - Sales & Services Germany
Postfach 500130, D-80971 München
Dachauerstrasse 651, D-80995 München
