On Tuesday 03 February 2009 13:45:26 Alexander Klink wrote:
Hi, again!
> Hi Sergey,
>
> On Tue, Feb 03, 2009 at 01:31:07PM +0300, Sergey V. Koupreyenko wrote:
> > Hi, Alex! Thank you so much for your response. I've tried to run the
> > command:
> >
> > # openxpkiadm certificate import --realm MYCA \
> > --issuer-realm MYCA --file /usr1/myca/ca/sub_ca/services/ca_cert.pem \
> > --issuer CA_ROOT_MYCA
> >
> > but got the same diagnostics:
> >
> > I18N_OPENXPKI_CRYPTO_X509_INIT_OBJECT_FAILED; __ERRVAL__ =>
> > I18N_OPENXPKI_CRYPTO_OPENSSL_GET_OBJECT_NO_REF
>
> Hmmm, that's weird. The error message looks a bit like there is
> something wrong with the certificate itself. Does openssl x509 -in
> /usr1/myca/ca/sub_ca/service/ca_cert.pem -noout -text report something
> sensible?
Here is the output of the command you have advised (openssl x509 ...):
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=RU, ST=Russian Federation, L=St. Petersburg, O=RUSNet ,
Ltd., OU=RUSNet Certification Authority, CN=RUSNet Root
CA/[email protected]
Validity
Not Before: Feb 3 07:05:35 2009 GMT
Not After : Jan 31 07:05:35 2024 GMT
Subject: C=RU, ST=Russian Federation, L=St. Petersburg, O=RUSNet ,
Ltd., OU=RUSNet Certification Authority, CN=RUSNet Services
CA/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:e9:d1:51:aa:5e:72:29:c7:43:13:8c:dd:87:c4:
a2:cd:23:58:e9:ed:ea:3a:7c:2d:92:79:14:a7:a9:
b7:83:c3:83:86:a1:f8:a4:b7:1f:30:ee:f5:ec:01:
84:c3:e2:64:02:0e:f5:fb:12:31:d7:14:55:98:d0:
62:69:0a:2c:9d:2b:a7:70:bd:a8:24:63:e8:de:5f:
01:72:47:8a:81:85:b4:9c:8a:eb:72:fb:5c:5a:a4:
11:4b:94:00:f8:a0:6e:1b:f8:26:e9:fd:66:d0:1b:
27:fb:e6:f4:df:c6:f5:3f:bb:a3:ef:7c:10:b4:30:
de:dd:9a:c6:6b:ab:00:a5:dc:ca:29:2b:83:e5:61:
0b:f5:17:3c:70:28:18:cf:9f:d3:6e:06:49:98:f9:
e1:32:8f:15:29:ae:1c:7f:6e:be:98:a4:20:04:fd:
9f:89:52:74:a1:dd:5c:90:87:07:8c:81:0d:b4:df:
82:0b:62:52:03:01:60:18:6c:a7:e3:d4:72:93:94:
3d:ce:b6:c3:e3:bd:3e:93:b6:7e:d7:42:09:fd:f4:
18:c2:1f:7d:c5:1a:49:00:72:7d:f7:74:b0:ec:73:
3c:1e:53:70:c7:78:37:5c:07:19:28:c6:02:ef:eb:
8a:1b:b8:f0:b7:9f:83:aa:32:28:22:06:57:ed:0b:
b5:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
8f:3f:a0:f5:de:0f:f0:4a:16:5a:23:d9:8f:64:19:70:4f:c5:
b2:62:c4:ea:b5:0b:97:0c:9d:0c:11:7d:36:c0:71:2f:62:6c:
42:0d:f5:02:a3:91:26:74:30:a1:31:8f:78:17:18:14:5c:1e:
a8:2c:96:87:20:18:a2:8e:98:9e:e3:37:de:e8:73:5b:35:6c:
d7:0d:c5:c5:c8:97:cb:81:89:d9:cf:d3:55:d3:6c:a2:05:c6:
00:5b:89:44:e9:b6:40:9c:b6:2e:39:dd:b6:b8:ae:79:5d:5c:
34:e5:04:22:33:99:d3:30:04:a3:41:4d:36:d6:fe:d7:ff:ee:
94:df
>
> > For more information, i am using PostgreSQL as a backend storage.
>
> I doubt that this is the reason, but on the other hand the PostgreSQL
> support is not very well tested. Just as an idea, can you try using the
> identifier instead of the alias in the '--issuer' option?
I've tried using identifier instead alias. But without success. Diagnostics
messages are the same.
So what well tested backend you can advise me? It will be interesting to go
the same way with new backend. May be the PostgreSQL is not a good choice for
now.
Sergey.
>
> Cheers,
> Alex
------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
