Dmitry,
On Wed, Jan 28, 2009 at 04:19:47PM +0500, Dmitry Golomolzin wrote:
> Corresponding part of the /var/log/openxpki.log file:
>
> Workflow.ERROR Caught exception from action:
> I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ =>
> OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_cert; __ERRVAL__ =>
> I18N_OPENXPKI_CRYPTO_CLI_ERROR; __ERRVAL__ => Using configuration from
> /var/tmp/openxpkiXXRv5D
> unable to load CA private key
> 1383:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:evp_enc.c:466:
> 1383:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal
> error:p12_decr.c:97:
> 1383:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt
> error:p12_decr.c:123:
> 1383:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1
> lib:pem_pkey.c:125:
> unable to write 'random state'
This looks like the password for the private key is incorrect. Have you
unlocked the key prior to issuing the certificate? You should use
something along the lines of:
$msg = $client->send_receive_command_msg(
'set_secret_part',
{
'SECRET' => 'default',
'PART' => 1,
'VALUE' => '1234567890',
},
);
to set the secret and you can use
$msg = $client->send_receive_command_msg(
'is_secret_complete',
{
'SECRET' => 'default',
},
);
to check if the required number of secrets has been entered (note that this
does not check whether the passphrase is correct, though).
HTH,
Best regards,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer
[email protected] | working @ urn:oid:1.3.6.1.4.1.11417
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
