subject:"Newbie question\: unable to load Netscape SPKAC structure"

Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread David García Aristegui

I'm following the CA recipe examples to do a CA setup under an AIX 5 
environment.
http://home.himolde.no/~kd/prosjekt/ca/ca.html

openssl version 0.9.7

Browsers to test the client: Mozilla 1.0 or Netscape 7.01

When i try to sign the client certificate request...

openssl ca -spkac certreq.9484 -days 365

Using configuration from /usr/local/contrib/openssl/openssl.cnf

Enter pass phrase for /usr/local/etc/httpd/conf/ca/private/cakey.pem:
unable to load Netscape SPKAC structure
19506:error:0B081076:x509 certificate 
routines:NETSCAPE_SPKI_b64_decode:base64 decode error:x509spki.c:91:
Segmentation fault (core dumped)

please, could you tell me what is wrong? sholud i modify my 
opsnssl.cnf? where? thank you very much.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread Charles B Cranston

What does certreq.9484 look like?  Especially when decoded with
the "openssl spkac" tool?
David García Aristegui wrote:
I'm following the CA recipe examples to do a CA setup under an AIX 5 
environment.
http://home.himolde.no/~kd/prosjekt/ca/ca.html

openssl version 0.9.7

Browsers to test the client: Mozilla 1.0 or Netscape 7.01

When i try to sign the client certificate request...

openssl ca -spkac certreq.9484 -days 365

Using configuration from /usr/local/contrib/openssl/openssl.cnf

Enter pass phrase for /usr/local/etc/httpd/conf/ca/private/cakey.pem:
unable to load Netscape SPKAC structure
19506:error:0B081076:x509 certificate 
routines:NETSCAPE_SPKI_b64_decode:base64 decode error:x509spki.c:91:
Segmentation fault (core dumped)

please, could you tell me what is wrong? sholud i modify my opsnssl.cnf? 
where? thank you very much.
--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread David García Aristegui

At first, the certreq. is

more certreq.8558

commonName = Client Example
emailAddress = [EMAIL PROTECTED]
organizationName = Org
organizationalUnitName = Unit
localityName = Madrid
stateOrProvinceName = Madrid
countryName = ES
SPKAC =
MIICUTCCATkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzBDKDXI3^MvflpWV
X0NTusSZbAlB6DHd4UYJoX1iD8c6odYfKFOKWVVyzYcPFaleM7JM6YT3qB^MUCU30WzWy+kwphfPO6Kl
ZwtFH6Sa7Ejeskd3j2a0rw0yBn05AP86bpW2p6wCeyHU^M40QGyw9d48zUKQQhS/7QKobscLU0Z63C4F
uHblK7SCyoqNIAD8vdzt1DO4uSTLgR^MuDRri1v5OBEI1CXCgpqbqZEiK8VmNhDP5KZIEK25YLPH3IH6
fcSbmjJnOSvPlSFs^MiZPfGS/nZiLn9ZIc7yFTgvxpWlgN1lHOWaz4IN7zFcC5VkxiSpNnSKhslxMFUZ
aQ^MZ6yybsZopdn/AgMBAAEWEWNoYWxsZW5nZVBhc3N3b3JkMA0GCSqGSIb3DQEBBAUA^MA4IBAQB8rN
FFnrq1CXD7AT0bWfFfXar/ZAu5LDCv55uqhb4Kmah9KbVe3q5cT3W/^MMCOQrfuFasmQ1mGpNUwM4b2l
YpEVWOgm6tiZHp8nfwz2a68jke5qrsfLtxO2FGEu^Mnc/EMqTs6h23PQlwDEU01E2Sqs6eovNOZYpuS0
fQtNdNBcTevMuV5sIYadUgX7S+^M673f1SnqQyJTHG3KlF7jmLpi/LyJtxFc/IvfqymHf2y4cakV0hMc
vkBV6NlfzmSg^M01wcwY2VjyZ/+5rAPArnTSi4Nxx7guaIhkxVwjaHoQOnpUbFNsia32Uu8RJpSTCz
hbvsl/kXThFgba5FGCkVbZuSJ7fy
then i use the openssl ca -spkac certreq. -days 365

more certreq.8558
commonName = Client Example
emailAddress = [EMAIL PROTECTED]
organizationName = Org
organizationalUnitName = Unit
localityName = Madrid
stateOrProvinceName = Madrid
countryName = ES
SPKAC =
MIICUTCCATkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzBDKDXI3^MvflpWVX0NTu
sSZbAlB6DHd4UYJoX1iD8c6odYfKFOKWVVyzYcPFaleM7JM6YT3qB^MUCU30WzWy+kwphfPO6KlZwtFH6Sa7E
jeskd3j2a0rw0yBn05AP86bpW2p6wCeyHU^M40QGyw9d48zUKQQhS/7QKobscLU0Z63C4FuHblK7SCyoqNIAD
8vdzt1DO4uSTLgR^MuDRri1v5OBEI1CXCgpqbqZEiK8VmNhDP5KZIEK25YLPH3IH6fcSbmjJnOSvPlSFs^MiZ
PfGS/nZiLn9ZIc7yFTgvxpWlgN1lHOWaz4IN7zFcC5VkxiSpNnSKhslxMFUZaQ^MZ6yybsZopdn/AgMBAAEWE
WNoYWxsZW5nZVBhc3N3b3JkMA0GCSqGSIb3DQEBBAUA^MA4IBAQB8rNFFnrq1CXD7AT0bWfFfXar/ZAu5LDCv
55uqhb4Kmah9KbVe3q5cT3W/^MMCOQrfuFasmQ1mGpNUwM4b2lYpEVWOgm6tiZHp8nfwz2a68jke5qrsfLtxO
2FGEu^Mnc/EMqTs6h23PQlwDEU01E2Sqs6eovNOZYpuS0fQtNdNBcTevMuV5sIYadUgX7S+^M673f1SnqQyJT
HG3KlF7jmLpi/LyJtxFc/IvfqymHf2y4cakV0hMcvkBV6NlfzmSg^M01wcwY2VjyZ/+5rAPArnTSi4Nxx7gua
IhkxVwjaHoQOnpUbFNsia32Uu8RJpSTCz^Mhbvsl/kXThFgba5FGCkVbZuSJ7fy
openssl spkac -in certreq.8558
Error loading SPKAC
26928:error:0B081076:x509 certificate
routines:NETSCAPE_SPKI_b64_decode:base64 decode error:x509spki.c:91:
Thank you in advanced.

What does certreq.9484 look like?  Especially when decoded with
the "openssl spkac" tool?
David García Aristegui wrote:
I'm following the CA recipe examples to do a CA setup under an AIX
5 environment.
http://home.himolde.no/~kd/prosjekt/ca/ca.html
openssl version 0.9.7

Browsers to test the client: Mozilla 1.0 or Netscape 7.01

When i try to sign the client certificate request...

openssl ca -spkac certreq.9484 -days 365

Using configuration from /usr/local/contrib/openssl/openssl.cnf

Enter pass phrase for /usr/local/etc/httpd/conf/ca/private/cakey.pem:
unable to load Netscape SPKAC structure
19506:error:0B081076:x509 certificate
routines:NETSCAPE_SPKI_b64_decode:base64 decode error:x509spki.c:91:
Segmentation fault (core dumped)
please, could you tell me what is wrong? sholud i modify my
opsnssl.cnf? where? thank you very much.
--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread Richard Levitte - VMS Whacker

In message <[EMAIL PROTECTED]> on Mon, 14 Jul 2003 17:34:21 +0200, David García 
Aristegui <[EMAIL PROTECTED]> said:

david> At first, the certreq. is
david> 
david> more certreq.8558
david> 
david> commonName = Client Example
david> emailAddress = [EMAIL PROTECTED]
david> organizationName = Org
david> organizationalUnitName = Unit
david> localityName = Madrid
david> stateOrProvinceName = Madrid
david> countryName = ES
david> SPKAC = MIICUTCCATkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzBDKDXI3^MvflpWV
david> X0NTusSZbAlB6DHd4UYJoX1iD8c6odYfKFOKWVVyzYcPFaleM7JM6YT3qB^MUCU30WzWy+kwphfPO6Kl
david> ZwtFH6Sa7Ejeskd3j2a0rw0yBn05AP86bpW2p6wCeyHU^M40QGyw9d48zUKQQhS/7QKobscLU0Z63C4F
david> uHblK7SCyoqNIAD8vdzt1DO4uSTLgR^MuDRri1v5OBEI1CXCgpqbqZEiK8VmNhDP5KZIEK25YLPH3IH6
david> fcSbmjJnOSvPlSFs^MiZPfGS/nZiLn9ZIc7yFTgvxpWlgN1lHOWaz4IN7zFcC5VkxiSpNnSKhslxMFUZ
david> aQ^MZ6yybsZopdn/AgMBAAEWEWNoYWxsZW5nZVBhc3N3b3JkMA0GCSqGSIb3DQEBBAUA^MA4IBAQB8rN
david> FFnrq1CXD7AT0bWfFfXar/ZAu5LDCv55uqhb4Kmah9KbVe3q5cT3W/^MMCOQrfuFasmQ1mGpNUwM4b2l
david> YpEVWOgm6tiZHp8nfwz2a68jke5qrsfLtxO2FGEu^Mnc/EMqTs6h23PQlwDEU01E2Sqs6eovNOZYpuS0
david> fQtNdNBcTevMuV5sIYadUgX7S+^M673f1SnqQyJTHG3KlF7jmLpi/LyJtxFc/IvfqymHf2y4cakV0hMc
david> vkBV6NlfzmSg^M01wcwY2VjyZ/+5rAPArnTSi4Nxx7guaIhkxVwjaHoQOnpUbFNsia32Uu8RJpSTCz
david> hbvsl/kXThFgba5FGCkVbZuSJ7fy

I see a number of embedded charriage returns (^M).  hos need to be
removed.

-- 
Richard Levitte   \ Tunnlandsvägen 3  \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread Charles B Cranston

Richard Levitte - VMS Whacker wrote:

I see a number of embedded charriage returns (^M).  hos need to be
removed.
Yes.  My current experimental code does this, I don't believe I
would have put it in if it were not necessary:
  } elsif ( $req=$data->{'spkac'} ) {# Netscape SPKAC

   # $$ GET SERIAL NUMBER FROM DATABASE
 $req =~ s/\s+//g;   # Delete CR & LF
.
 $req = 'SPKAC='.$req."\n".join("\n",@dn)."\n";
 my $cert = spkcsign
$ENV{'UMCPCA_vault'},'ID Cert Signing Passphrase',
$ENV{'UMCPCA_OPENSSL'},$tmp,$serial,$req,
$certlife,$certmail;
   # htmlfail htmlesce certtext $cert;
   # $$ INSERT CERT INTO DATABASE
   # $$ DELIVER CERT TO CLIENT
 print "Content-Type: application/x-x509-user-cert\n\n$cert";
  } else {   # Neither PKCS10 nor SPKAC

 htmlfail 'Neither PKCS10 nor SPKAC data returned...';

--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-15 Thread David García Aristegui

Thank you very much for the help!!! The charriage returns (^M) 
appeared in the file because the browser was running in a MacOS X, 
there is no problem if the Netscape client is runnig in Linux, for 
example.
I have made a script to delete the charriage returns (^M).

But... when i try to sign the client certificate request

openssl ca -spkac certerq.
(...)
BEGIN CERTIFICATE-
MIIDvTCCAyagAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBmjELMAkGA1UEBhMCRVMx
DzANBgNVBAgTBk1hZHJpZDEUMBIGA1UEBxMLQ2FudG9ibGFuY28xEzARBgNVBAoT
CkVNQm5ldC9DTkIxETAPBgNVBAsTCENOQi1DU0lDMRgwFgYDVQQDEw9lcmlzLmNu
Yi51YW0uZXMxIjAgBgkqhkiG9w0BCQEWE25ldGFkbWluQGNuYi51YW0uZXMwHhcN
MDMwNzE1MTQ0NzM3WhcNMDQwNzE0MTQ0NzM3WjCBgzELMAkGA1UEBhMCRVMxDzAN
BgNVBAgTBk1hZHJpZDETMBEGA1UEChMKRU1CbmV0L0NOQjERMA8GA1UECxMIQ05C
LUNTSUMxGDAWBgNVBAMTD2VyaXMuY25iLnVhbS5lczEhMB8GCSqGSIb3DQEJARYS
ZW1haWxAeW91cmhvc3QuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH
2aA5rdIZXQVbz49/VFf8/1PK6IUsAq073uKHlT9tMwvyIQHFB6LPRbw4FoskB6jg
VXNDANqJbelNSBlLz4lg6fGu+DhNg5vqDy7IZS3TuiDZKAmgdNSiO6bfy8D/KM2I
7/8k2K0k49qJ3dysg++iI9TbVt7VnshtsZF5ECCO/wIDAQABo4IBJjCCASIwCQYD
VR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
aWNhdGUwHQYDVR0OBBYEFFonnvTPOSUM6uTJc4TTQhousHa/MIHHBgNVHSMEgb8w
gbyAFFIrWqlFW+S/O7gaJiqsalpsUx2joYGgpIGdMIGaMQswCQYDVQQGEwJFUzEP
MA0GA1UECBMGTWFkcmlkMRQwEgYDVQQHEwtDYW50b2JsYW5jbzETMBEGA1UEChMK
RU1CbmV0L0NOQjERMA8GA1UECxMIQ05CLUNTSUMxGDAWBgNVBAMTD2VyaXMuY25i
LnVhbS5lczEiMCAGCSqGSIb3DQEJARYTbmV0YWRtaW5AY25iLnVhbS5lc4IBADAN
BgkqhkiG9w0BAQQFAAOBgQAu1HSRQxxeQLbz/kbw9cVrOaMOHxLRRdpjIZ7NLpcV
mdjnF1IV6zvyHRV3kxNLHm0xpaXGWnfA9Ri/vzA0nqFCkUa3+Zyn/QQFtb829kdn
eZHzGMXElX3b9VGy8Jlvqi/Zvd+BQZ/j64B2rBYWrPrxqyaauuquM3pgwIh4ct5M
7Q==
-END CERTIFICATE-
Data Base Updated
Segmentation fault (core dumped)
Where can i found information about this error? Please, any ideas? 
Thank you in advanced.

Richard Levitte - VMS Whacker wrote:

I see a number of embedded charriage returns (^M).  hos need to be
removed.
Yes.  My current experimental code does this, I don't believe I
would have put it in if it were not necessary:
  } elsif ( $req=$data->{'spkac'} ) {# Netscape SPKAC

   # $$ GET SERIAL NUMBER FROM DATABASE
 $req =~ s/\s+//g;   # Delete CR & LF
.
 $req = 'SPKAC='.$req."\n".join("\n",@dn)."\n";
 my $cert = spkcsign
$ENV{'UMCPCA_vault'},'ID Cert Signing Passphrase',
$ENV{'UMCPCA_OPENSSL'},$tmp,$serial,$req,
$certlife,$certmail;
   # htmlfail htmlesce certtext $cert;
   # $$ INSERT CERT INTO DATABASE
   # $$ DELIVER CERT TO CLIENT
 print "Content-Type: application/x-x509-user-cert\n\n$cert";
  } else {   # Neither PKCS10 nor SPKAC

 htmlfail 'Neither PKCS10 nor SPKAC data returned...';

--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Newbie question: unable to load Netscape SPKAC structure

Re: Newbie question: unable to load Netscape SPKAC structure

Re: Newbie question: unable to load Netscape SPKAC structure

Re: Newbie question: unable to load Netscape SPKAC structure

Re: Newbie question: unable to load Netscape SPKAC structure

Re: Newbie question: unable to load Netscape SPKAC structure

6 matches

Site Navigation

Mail list logo

Footer information