Greetings,

We are using OpenSSL with OpenOSP to set up a CA and are getting the following error while initializing the OSP server. We would greatly appreciate it if you can throw some pointers:

22:57:56.499 01 ccmldap.c ccm_lookup_ldap_by_subje 0224 Checking for CA certificate first
22:57:56.499 01 ccmldap.c ccm_lookup_ldap_by_subje 0235 Found CA cert; convert to internal format
22:57:56.499*01*ccmldap.c *ccm_lookup_ldap_by_subje*0245*Failed to convert ASN.1 CA cert
22:57:56.499*01*ccmldap.c *ccm_lookup_ldap_by_subje*0245*OpenSSL: error:0D09F007:asn1 encoding routines:d2i_X509:expecting an asn1 sequence
22:57:56.499 01 ccmldap.c ccm_lookup_ldap_by_subje 0445 )) Unlocking &ccm.ldap.access_mutex
22:57:56.499 01 ccmldap.c ccm_lookup_ldap_by_subje 0445 Unlocked &ccm.ldap.access_mutex

The commands used to create the certificate are as per the attached make_ca.sh file. The other attached files are the decoded certificate and the openssl.cnf and openosp.cnf files that we are using in our setup. Kindly let me know what could possibly be wrong.

Best Regards,
Rajat

# ./openssl x509 -in /usr/openosp/cacert.der -inform der -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=IN, O=Wipro, CN=OSPServer
        Validity
            Not Before: Nov 15 11:27:44 2005 GMT
            Not After : Nov 15 11:27:44 2015 GMT
        Subject: C=IN, O=Wipro, CN=OSPServer
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption

#!/bin/ksh
# Shell script: make_ca.sh
#
# Purpose: Make a CA certificate using OpenSSL commands
#
# (C) COPYRIGHT DATA CONNECTION LIMITED 2000
#
# $Revision:: 1.2 $ $Modtime:: Aug 02 2000 10:05:42 $

SSL_PATH=${SSL_PATH:-/usr/local/ssl}

#
# Create a request
#
$SSL_PATH/bin/openssl req -new -newkey rsa:1024 -config $SSL_PATH/openssl.cnf \
  -out careq.pem -keyout cakey.pem -nodes

#
# Create a temporary self-signed cert that we can use as a CA cert
#
$SSL_PATH/bin/openssl x509 -req -in careq.pem -signkey cakey.pem \
  -extfile $SSL_PATH/openssl.cnf -extensions v3_ca -out cacert0.pem

#
# Sign the request using the temporary CA cert that we just made.
# This effectively results in another CA cert, but this one has a
# serial number.
#
$SSL_PATH/bin/openssl x509 -req -in careq.pem -CAkey cakey.pem \
  -CA cacert0.pem -CAserial serial.txt -CAcreateserial \
  -extfile $SSL_PATH/openssl.cnf -extensions v3_ca -days 3652 -outform DER \
  -out cacert.der

#
# Delete the files we no longer need.
#
rm careq.pem
rm cacert0.pem
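
Added example, not part of the original post and not OpenOSP or OpenSSL code: d2i_X509 accepts only raw DER, and "expecting an asn1 sequence" is what it reports when the first byte it is handed is not the SEQUENCE tag 0x30. The hypothetical helper classify_cert_blob below shows what a buffer (for instance the value read back from the directory) actually contains before it is parsed; the sample inputs in main are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (an assumption, not from OpenOSP or OpenSSL): classify
 * the bytes that would be passed to d2i_X509(), which accepts only raw DER. */
enum blob_kind { BLOB_EMPTY, BLOB_PEM, BLOB_BASE64_DER, BLOB_NOT_SEQUENCE,
                 BLOB_BAD_LENGTH, BLOB_TRUNCATED, BLOB_TRAILING_DATA, BLOB_DER_OK };

enum blob_kind classify_cert_blob(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, body = 0, i, n;

    if (buf == NULL || len == 0)
        return BLOB_EMPTY;
    if (len >= 10 && memcmp(buf, "-----BEGIN", 10) == 0)
        return BLOB_PEM;              /* PEM armour, must be decoded to DER first */
    if (len >= 2 && buf[0] == 'M' && buf[1] == 'I')
        return BLOB_BASE64_DER;       /* base64 of 0x30 0x8n (long-form SEQUENCE) starts "MI" */
    if (buf[0] != 0x30)
        return BLOB_NOT_SEQUENCE;     /* the case reported as "expecting an asn1 sequence" */
    if (len < 2)
        return BLOB_TRUNCATED;
    if (buf[1] < 0x80) {              /* short-form length */
        body = buf[1];
    } else {                          /* long form: low 7 bits = number of length bytes */
        n = buf[1] & 0x7f;
        if (n == 0 || n > 4)
            return BLOB_BAD_LENGTH;   /* indefinite length is not DER; >4 bytes is implausible */
        if (len < 2 + n)
            return BLOB_TRUNCATED;
        for (i = 0; i < n; i++)
            body = (body << 8) | buf[2 + i];
        hdr = 2 + n;
    }
    if (len - hdr < body)
        return BLOB_TRUNCATED;        /* fewer bytes than the outer SEQUENCE declares */
    if (len - hdr > body)
        return BLOB_TRAILING_DATA;    /* extra bytes after the certificate */
    return BLOB_DER_OK;
}

int main(void)
{
    static const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 }; /* constructed */
    static const char pem[] = "-----BEGIN CERTIFICATE-----\n";           /* constructed */
    printf("der=%d pem=%d\n", (int)classify_cert_blob(der, sizeof der),
           (int)classify_cert_blob((const unsigned char *)pem, sizeof pem - 1));
    return 0;
}
```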