Greetings,
 
We are using OpenSSL with OpenOSP to set up a CA and are getting the following error while initializing the OSP server.
We would greatly appreciate it if you could throw some pointers:
 
22:57:56.499 01 ccmldap.c  ccm_lookup_ldap_by_subje 0224 Checking for CA certificate first
22:57:56.499 01 ccmldap.c  ccm_lookup_ldap_by_subje 0235 Found CA cert; convert to internal format
22:57:56.499*01*ccmldap.c *ccm_lookup_ldap_by_subje*0245*Failed to convert ASN.1 CA cert
22:57:56.499*01*ccmldap.c *ccm_lookup_ldap_by_subje*0245*OpenSSL: error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1 sequence
22:57:56.499 01 ccmldap.c  ccm_lookup_ldap_by_subje 0445 )) Unlocking &ccm.ldap.access_mutex
22:57:56.499 01 ccmldap.c  ccm_lookup_ldap_by_subje 0445 Unlocked &ccm.ldap.access_mutex
 
 
The commands used to create the certificate are as per the attached make_ca.sh file. The other attached files are
the decoded certificate and the openssl.cnf and openosp.cnf files that we are using in our setup. Kindly let me
know what could possibly be wrong.
 
Best Regards,
Rajat
 

Attachment: openssl.cnf
Description: openssl.cnf

Attachment: openosp.cnf
Description: openosp.cnf

# ./openssl x509 -in /usr/openosp/cacert.der -inform der -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=IN, O=Wipro, CN=OSPServer
        Validity
            Not Before: Nov 15 11:27:44 2005 GMT
            Not After : Nov 15 11:27:44 2015 GMT
        Subject: C=IN, O=Wipro, CN=OSPServer
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:cd:3e:e1:99:34:39:de:7e:5a:63:ab:65:7c:5f:
                    0d:14:6a:1a:00:89:91:32:35:64:67:b2:20:4e:9c:
                    f2:c0:13:f6:ab:e6:6d:a0:53:a7:23:d8:66:49:49:
                    2e:56:11:36:94:dc:d9:88:cf:34:d6:f1:4a:ff:41:
                    64:27:3d:3c:07:2c:a8:fa:81:82:7b:60:4e:7e:8b:
                    5a:0f:19:ad:7d:3d:b8:cc:7f:57:17:11:89:a8:e5:
                    b7:cf:00:70:9b:b4:ab:4c:e2:fc:d1:a5:3a:ac:66:
                    00:e1:bc:61:a8:5d:20:59:f0:fd:ca:e9:07:91:f1:
                    de:91:16:6f:d1:2d:2e:29:d9
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        c7:17:f5:b4:e2:f5:0d:bd:f5:17:7c:77:e2:1e:56:40:78:13:
        34:52:d8:4f:be:43:24:d1:c2:3d:3f:16:53:0d:14:1e:be:0a:
        cd:71:59:d3:b0:fd:c4:76:75:b6:72:7e:65:06:f0:e5:34:d1:
        16:4c:67:14:eb:0e:52:a8:41:ff:3a:89:82:7d:43:d5:87:aa:
        4d:d4:ef:b6:cc:bd:40:e6:ec:c2:cc:e0:b8:90:74:ca:41:ee:
        ef:85:83:9e:2a:5b:b1:39:00:5d:b4:e1:b8:f8:e6:55:9b:d7:
        04:22:0f:f5:14:32:69:31:da:24:6b:6e:f9:9a:6b:29:78:10:
        1d:83
#!/bin/ksh

# Shell script: make_ca.sh
#
# Purpose:      Make a CA certificate using OpenSSL commands
#
# (C) COPYRIGHT DATA CONNECTION LIMITED 2000
#
# $Revision::   1.2                $ $Modtime::   Aug 02 2000 10:05:42   $

SSL_PATH=${SSL_PATH:-/usr/local/ssl}

#
# Create a request
#
$SSL_PATH/bin/openssl req -new -newkey rsa:1024 -config $SSL_PATH/openssl.cnf \
    -out careq.pem -keyout cakey.pem -nodes

#
# Create a temporary self-signed cert that we can use as a CA cert
#
$SSL_PATH/bin/openssl x509 -req -in careq.pem -signkey cakey.pem \
    -extfile $SSL_PATH/openssl.cnf -extensions v3_ca -out cacert0.pem

#
# Sign the request using the temporary CA cert that we just made.
# This effectively results in another CA cert, but this one has a
# serial number.
#
$SSL_PATH/bin/openssl x509 -req -in careq.pem -CAkey cakey.pem \
    -CA cacert0.pem -CAserial serial.txt -CAcreateserial \
    -extfile $SSL_PATH/openssl.cnf -extensions v3_ca -days 3652 -outform DER \
    -out cacert.der

#
# Delete the files we no longer need.
#
rm careq.pem
rm cacert0.pem
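
An added example, not part of the original post or of OpenOSP: the reason string in the log, "expecting an asn1 sequence", is what d2i_X509 reports when the bytes it is given do not start with an outer DER SEQUENCE. The check below classifies a certificate value as DER, PEM, bare base64 or truncated before it reaches a DER parser; the function names and sample bytes are constructed for illustration, and applying it to the value returned by the directory lookup is an assumption about where the rejected bytes come from.

```python
import base64
import binascii

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def outer_sequence_len(blob):
    """Total length claimed by an outer DER SEQUENCE, or None if blob does not start with one."""
    if len(blob) < 2 or blob[0] != 0x30:      # 0x30 = constructed SEQUENCE tag
        return None
    first = blob[1]
    if first < 0x80:                          # short form: one length byte
        return 2 + first
    n = first & 0x7F                          # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(blob) < 2 + n:  # indefinite length is not DER
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def classify_cert_blob(blob):
    """Say what encoding a certificate value is in before it reaches a DER parser."""
    total = outer_sequence_len(blob)
    if total is not None:
        if total == len(blob):
            return "der"
        return "der-truncated" if total > len(blob) else "der-trailing-data"
    text = blob.strip()
    if text.startswith(PEM_HEADER):
        return "pem"
    try:
        decoded = base64.b64decode(b"".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return "unknown"
    return "base64-der" if outer_sequence_len(decoded) is not None else "unknown"

# Constructed sample: a SEQUENCE header claiming 256 content bytes, zero-filled.
# It has the outer framing of a certificate but is not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_B64 = base64.encodebytes(SAMPLE_DER)
SAMPLE_PEM = PEM_HEADER + b"\n" + SAMPLE_B64 + b"-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, blob in [("der", SAMPLE_DER), ("pem", SAMPLE_PEM),
                       ("base64", SAMPLE_B64), ("short read", SAMPLE_DER[:100])]:
        print(f"{name:12} -> {classify_cert_blob(blob)}")
```

Any result other than "der" means a DER-only parser will reject the value even though the same certificate decodes cleanly from the file on disk.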
