Hi to everybody. I've found the reason why importing my certificates into the OpenXPKI fails (see my previous messsage).
As you remember I've successfuly imported existing root self-signed certificate but not the subordinate certificate that is signed by root one. The reason is in the content of the PEM files. PEM file of the self-signed certificate contains only the hexdump of the cert which is placed between two text strings - "BEGIN CERTIFICATE" and "END CERTIFICATE". Let's call such file the clear PEM-file. And there is no problem to import this cert through "openxpkiadm certificate import ..." command. The next certificate's PEM-file is produced by openssl utility and signed by my self-signed certificate. It also contains the same hexdump but in addtion it is prepended by the text srtings describing this certificate's field values. This is standard for OpenSSL and any OpenSSL API X509 function accepts such PEM-files. But OpenXPKI not. The decision is to create the clear PEM-file from existing one. To do it run the command like following: # openssl x509 -in subca_cert.pem > subca_clear_cert.pem The subca_clear_cert.pem file will contain only the certificate's hexdump without any describing text strings. The you can import clear PEM-file into your OpenXPKI instance. Conclusion. I think it is not right thing when OpenXPKI does not accept sertificates which are successfuly produced and verifyed by the OpenSSL suite. Please check the source code and fix it. With best regards, Sergey. ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
