I'm trying to receive the response of a signer of time and am getting the
erro:
root@digic:/opt/CaIC/tsa/tsa-0.2# openssl ts -verify -queryfile
teste.txt.tsq -in teste.txt.tsr -CAfile /opt/CaIC/tsa/tsa.crt
Verification: FAILED
3074406076:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer
certificate not found:pk7_smime.c:476:
I'm trying to create a http TSA, but all references I have are for opentsa
that is down.
Follow the conf for my TSA:
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = /opt/CaIC/tsa # TSA root directory
serial = $dir/tsaserial # The current serial number
(mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsa.crt # The TSA signing certificate
# (optional)
certs = /opt/CaIC/cacert.pem # Certificate chain to include in
reply
# (optional)
signer_key = $dir/tsa.key # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify
it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies
(optional)
digests = md5, sha1 # Acceptable message digests
(mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the
reply?
# (optional, default: no)
ess_cert_id_chain = yes # Must the ESS cert id chain be included?
# (optional, default: no)
Thanks
--
View this message in context:
http://openssl.6102.n7.nabble.com/Error-PKCS7-get0-signers-signer-certificate-not-found-tp53311.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]