I'm having problems signing a CRR in the RA. I am able to properly sign
a CSR, so I think I have all the keys correct. This is using OpenCA 0.9.2.5
Two basic problems...
First, if the user uses a CRIN to request the CRR, I get "Cannot build
object from signature!" in the sender field of the request.
Second, either with a CRIN-requested or a RA-generated revoke, I get the
following when the RA attempts to sign the request:
Error 6206
*General Error* Cannot build PKCS#7-object from
extracted signature!
OpenCA::PKCS7 returns errorcode 7911031
(OpenCA::PKCS7->new: Cannot initialize signature
(7912021). OpenCA::PKCS7->initSignature: Cannot parse
signature (7921021). OpenCA::PKCS7->getParsed: The
crypto-backend cannot verify the signature (7742075).
OpenCA::OpenSSL->verify: openca-sv failed. [Error]:
Digest mismatch. Signature is wrong.
[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
[Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
depth:1 serial:E086663D1164A12D
subject:[EMAIL PROTECTED],CN=Corey
Minyard,OU=CGE,O=MontaVista,C=US
depth:0 serial:02
subject:serialNumber=2,CN=t-langley-1.minyard.local,OU=Internet,O=MontaVista,C=US
[Info]: Signature is corrupt. Errorcode -1.
signature:error:-1
).
I have hunted and I can't figure out what is wrong.
If I approve the revoke request without signing, everything works, but
that is obviously sub-optimal.
If anyone can help, I would greatly appreciate it.
Thanks,
-corey
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
