Newbie question: unable to load Netscape SPKAC structure
I'm following the CA recipe examples to do a CA setup under an AIX 5 environment. http://home.himolde.no/~kd/prosjekt/ca/ca.html openssl version 0.9.7 Browsers to test the client: Mozilla 1.0 or Netscape 7.01 When i try to sign the client certificate request... openssl ca -spkac certreq.9484 -days 365 Using configuration from /usr/local/contrib/openssl/openssl.cnf Enter pass phrase for /usr/local/etc/httpd/conf/ca/private/cakey.pem: unable to load Netscape SPKAC structure 19506:error:0B081076:x509 certificate routines:NETSCAPE_SPKI_b64_decode:base64 decode error:x509spki.c:91: Segmentation fault (core dumped) please, could you tell me what is wrong? sholud i modify my opsnssl.cnf? where? thank you very much. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Newbie question: unable to load Netscape SPKAC structure
At first, the certreq. is more certreq.8558 commonName = Client Example emailAddress = [EMAIL PROTECTED] organizationName = Org organizationalUnitName = Unit localityName = Madrid stateOrProvinceName = Madrid countryName = ES SPKAC = MIICUTCCATkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzBDKDXI3^MvflpWV X0NTusSZbAlB6DHd4UYJoX1iD8c6odYfKFOKWVVyzYcPFaleM7JM6YT3qB^MUCU30WzWy+kwphfPO6Kl ZwtFH6Sa7Ejeskd3j2a0rw0yBn05AP86bpW2p6wCeyHU^M40QGyw9d48zUKQQhS/7QKobscLU0Z63C4F uHblK7SCyoqNIAD8vdzt1DO4uSTLgR^MuDRri1v5OBEI1CXCgpqbqZEiK8VmNhDP5KZIEK25YLPH3IH6 fcSbmjJnOSvPlSFs^MiZPfGS/nZiLn9ZIc7yFTgvxpWlgN1lHOWaz4IN7zFcC5VkxiSpNnSKhslxMFUZ aQ^MZ6yybsZopdn/AgMBAAEWEWNoYWxsZW5nZVBhc3N3b3JkMA0GCSqGSIb3DQEBBAUA^MA4IBAQB8rN FFnrq1CXD7AT0bWfFfXar/ZAu5LDCv55uqhb4Kmah9KbVe3q5cT3W/^MMCOQrfuFasmQ1mGpNUwM4b2l YpEVWOgm6tiZHp8nfwz2a68jke5qrsfLtxO2FGEu^Mnc/EMqTs6h23PQlwDEU01E2Sqs6eovNOZYpuS0 fQtNdNBcTevMuV5sIYadUgX7S+^M673f1SnqQyJTHG3KlF7jmLpi/LyJtxFc/IvfqymHf2y4cakV0hMc vkBV6NlfzmSg^M01wcwY2VjyZ/+5rAPArnTSi4Nxx7guaIhkxVwjaHoQOnpUbFNsia32Uu8RJpSTCz hbvsl/kXThFgba5FGCkVbZuSJ7fy then i use the openssl ca -spkac certreq. -days 365 more certreq.8558 commonName = Client Example emailAddress = [EMAIL PROTECTED] organizationName = Org organizationalUnitName = Unit localityName = Madrid stateOrProvinceName = Madrid countryName = ES SPKAC = MIICUTCCATkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzBDKDXI3^MvflpWVX0NTu sSZbAlB6DHd4UYJoX1iD8c6odYfKFOKWVVyzYcPFaleM7JM6YT3qB^MUCU30WzWy+kwphfPO6KlZwtFH6Sa7E jeskd3j2a0rw0yBn05AP86bpW2p6wCeyHU^M40QGyw9d48zUKQQhS/7QKobscLU0Z63C4FuHblK7SCyoqNIAD 8vdzt1DO4uSTLgR^MuDRri1v5OBEI1CXCgpqbqZEiK8VmNhDP5KZIEK25YLPH3IH6fcSbmjJnOSvPlSFs^MiZ PfGS/nZiLn9ZIc7yFTgvxpWlgN1lHOWaz4IN7zFcC5VkxiSpNnSKhslxMFUZaQ^MZ6yybsZopdn/AgMBAAEWE WNoYWxsZW5nZVBhc3N3b3JkMA0GCSqGSIb3DQEBBAUA^MA4IBAQB8rNFFnrq1CXD7AT0bWfFfXar/ZAu5LDCv 55uqhb4Kmah9KbVe3q5cT3W/^MMCOQrfuFasmQ1mGpNUwM4b2lYpEVWOgm6tiZHp8nfwz2a68jke5qrsfLtxO 2FGEu^Mnc/EMqTs6h23PQlwDEU01E2Sqs6eovNOZYpuS0fQtNdNBcTevMuV5sIYadUgX7S+^M673f1SnqQyJT HG3KlF7jmLpi/LyJtxFc/IvfqymHf2y4cakV0hMcvkBV6NlfzmSg^M01wcwY2VjyZ/+5rAPArnTSi4Nxx7gua IhkxVwjaHoQOnpUbFNsia32Uu8RJpSTCz^Mhbvsl/kXThFgba5FGCkVbZuSJ7fy openssl spkac -in certreq.8558 Error loading SPKAC 26928:error:0B081076:x509 certificate routines:NETSCAPE_SPKI_b64_decode:base64 decode error:x509spki.c:91: Thank you in advanced. What does certreq.9484 look like? Especially when decoded with the "openssl spkac" tool? David García Aristegui wrote: I'm following the CA recipe examples to do a CA setup under an AIX 5 environment. http://home.himolde.no/~kd/prosjekt/ca/ca.html openssl version 0.9.7 Browsers to test the client: Mozilla 1.0 or Netscape 7.01 When i try to sign the client certificate request... openssl ca -spkac certreq.9484 -days 365 Using configuration from /usr/local/contrib/openssl/openssl.cnf Enter pass phrase for /usr/local/etc/httpd/conf/ca/private/cakey.pem: unable to load Netscape SPKAC structure 19506:error:0B081076:x509 certificate routines:NETSCAPE_SPKI_b64_decode:base64 decode error:x509spki.c:91: Segmentation fault (core dumped) please, could you tell me what is wrong? sholud i modify my opsnssl.cnf? where? thank you very much. -- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Newbie question: unable to load Netscape SPKAC structure
Thank you very much for the help!!! The charriage returns (^M)
appeared in the file because the browser was running in a MacOS X,
there is no problem if the Netscape client is runnig in Linux, for
example.
I have made a script to delete the charriage returns (^M).
But... when i try to sign the client certificate request
openssl ca -spkac certerq.
(...)
BEGIN CERTIFICATE-
MIIDvTCCAyagAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBmjELMAkGA1UEBhMCRVMx
DzANBgNVBAgTBk1hZHJpZDEUMBIGA1UEBxMLQ2FudG9ibGFuY28xEzARBgNVBAoT
CkVNQm5ldC9DTkIxETAPBgNVBAsTCENOQi1DU0lDMRgwFgYDVQQDEw9lcmlzLmNu
Yi51YW0uZXMxIjAgBgkqhkiG9w0BCQEWE25ldGFkbWluQGNuYi51YW0uZXMwHhcN
MDMwNzE1MTQ0NzM3WhcNMDQwNzE0MTQ0NzM3WjCBgzELMAkGA1UEBhMCRVMxDzAN
BgNVBAgTBk1hZHJpZDETMBEGA1UEChMKRU1CbmV0L0NOQjERMA8GA1UECxMIQ05C
LUNTSUMxGDAWBgNVBAMTD2VyaXMuY25iLnVhbS5lczEhMB8GCSqGSIb3DQEJARYS
ZW1haWxAeW91cmhvc3QuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH
2aA5rdIZXQVbz49/VFf8/1PK6IUsAq073uKHlT9tMwvyIQHFB6LPRbw4FoskB6jg
VXNDANqJbelNSBlLz4lg6fGu+DhNg5vqDy7IZS3TuiDZKAmgdNSiO6bfy8D/KM2I
7/8k2K0k49qJ3dysg++iI9TbVt7VnshtsZF5ECCO/wIDAQABo4IBJjCCASIwCQYD
VR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
aWNhdGUwHQYDVR0OBBYEFFonnvTPOSUM6uTJc4TTQhousHa/MIHHBgNVHSMEgb8w
gbyAFFIrWqlFW+S/O7gaJiqsalpsUx2joYGgpIGdMIGaMQswCQYDVQQGEwJFUzEP
MA0GA1UECBMGTWFkcmlkMRQwEgYDVQQHEwtDYW50b2JsYW5jbzETMBEGA1UEChMK
RU1CbmV0L0NOQjERMA8GA1UECxMIQ05CLUNTSUMxGDAWBgNVBAMTD2VyaXMuY25i
LnVhbS5lczEiMCAGCSqGSIb3DQEJARYTbmV0YWRtaW5AY25iLnVhbS5lc4IBADAN
BgkqhkiG9w0BAQQFAAOBgQAu1HSRQxxeQLbz/kbw9cVrOaMOHxLRRdpjIZ7NLpcV
mdjnF1IV6zvyHRV3kxNLHm0xpaXGWnfA9Ri/vzA0nqFCkUa3+Zyn/QQFtb829kdn
eZHzGMXElX3b9VGy8Jlvqi/Zvd+BQZ/j64B2rBYWrPrxqyaauuquM3pgwIh4ct5M
7Q==
-END CERTIFICATE-
Data Base Updated
Segmentation fault (core dumped)
Where can i found information about this error? Please, any ideas?
Thank you in advanced.
Richard Levitte - VMS Whacker wrote:
I see a number of embedded charriage returns (^M). hos need to be
removed.
Yes. My current experimental code does this, I don't believe I
would have put it in if it were not necessary:
} elsif ( $req=$data->{'spkac'} ) {# Netscape SPKAC
# $$ GET SERIAL NUMBER FROM DATABASE
$req =~ s/\s+//g; # Delete CR & LF
.
$req = 'SPKAC='.$req."\n".join("\n",@dn)."\n";
my $cert = spkcsign
$ENV{'UMCPCA_vault'},'ID Cert Signing Passphrase',
$ENV{'UMCPCA_OPENSSL'},$tmp,$serial,$req,
$certlife,$certmail;
# htmlfail htmlesce certtext $cert;
# $$ INSERT CERT INTO DATABASE
# $$ DELIVER CERT TO CLIENT
print "Content-Type: application/x-x509-user-cert\n\n$cert";
} else { # Neither PKCS10 nor SPKAC
htmlfail 'Neither PKCS10 nor SPKAC data returned...';
--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Segmentation fault after each use of openssl ca
Title: Segmentation fault after each use of openssl ca AIX 5, openssl version OpenSSL 0.9.7 31 Dec 2002 If i use for example openssl ca -policy policy_anything -out newcert.pem -infiles new.pem (...) 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated Segmentation fault (core dumped) could you tell me what is happening? thank you in advanced...
Newbie - Working with MSIE: Certenr3.dll
I'm triying to do a CGI script to deal with the Microsoft Explorer browser. In old documentation appears an Active X control, the Certenr3.dll With the new MSEI versions i think we should use Xenroll.dll, is avalilable script examples with this new dll? By the way, to distribute my certificate to a MSIE browser must be in DER format, right? Thank you in advanced... __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Newbie - Working with MSIE: Certenr3.dll
Could you post to me this prototypes, please? Thank you very much indeed. David. I have a few prototypes that were back burnered during our current crisis (expiration of our old root on Aug 23). Do you want me to post them? Mail them to you privately? David García Aristegui wrote: I'm triying to do a CGI script to deal with the Microsoft Explorer browser. In old documentation appears an Active X control, the Certenr3.dll With the new MSEI versions i think we should use Xenroll.dll, is avalilable script examples with this new dll? By the way, to distribute my certificate to a MSIE browser must be in DER format, right? Thank you in advanced... __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Question about "Set up your own Certification Authority usingfree software" text
I've read the Martin Ouwehand's "Set up your own Certification Authority using free software" text, http://slwww.epfl.ch/SIC/SL/CA/ and is very interesting and useful. For newbies like me, is available a complete howto like this but more updated? (with the new apache and openssl releases etc etc), the text was updated in 1998. Thank you in advanced. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
