I'm having problems signing a CRR in the RA. I am able to properly sign a CSR, so I think I have all the keys correct. This is using OpenCA 0.9.2.5
Two basic problems... First, if the user uses a CRIN to request the CRR, I get "Cannot build object from signature!" in the sender field of the request. Second, either with a CRIN-requested or a RA-generated revoke, I get the following when the RA attempts to sign the request: Error 6206 *General Error* Cannot build PKCS#7-object from extracted signature! OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv failed. [Error]: Digest mismatch. Signature is wrong. [Info]: Input file intialized. [Info]: Signaturefile initialized. [Info]: Reading Certificate file. [Info]: PKCS#7 object loaded. [Info]: Data is ready for verification. [Info]: Signature Informations (PKCS#7): depth:1 serial:E086663D1164A12D subject:[EMAIL PROTECTED],CN=Corey Minyard,OU=CGE,O=MontaVista,C=US depth:0 serial:02 subject:serialNumber=2,CN=t-langley-1.minyard.local,OU=Internet,O=MontaVista,C=US [Info]: Signature is corrupt. Errorcode -1. signature:error:-1 ). I have hunted and I can't figure out what is wrong. If I approve the revoke request without signing, everything works, but that is obviously sub-optimal. If anyone can help, I would greatly appreciate it. Thanks, -corey ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users