[ssl-users] Error signing certificate for Netscape client

Josuï¿½ Josï¿½ Souza Jr. Thu, 4 Jun 1998 09:48:45 -0400
Hello,

        I'm having a problem trying to sign a Netscape client certificate
using our own ca. I'm using Apache-SSL with suEXEC and Hirsch's html form
and perl script to automatize it. When I fill the form and submit it, I
get this error:

/usr/local/bin/ca -policy policy_nexos -config /usr/local/etc/ssleay.cnf
-spkac /usr/local/ssl/ca/certs/cert9.req -out
/usr/local/ssl/ca/certs/cert9.result -days 30

rc = 256

Using configuration from /usr/local/etc/ssleay.cnf 
error on line 6 of config file '/usr/local/etc/ssleay.cnf' 
26979:error:0E065068:configuation file routines:STR_COPY:variable has no 
value:conf.c:596 

        My ssleay configuration file is (I will cut some lines so if you
want to see it entirely, I can send it to you):

------------------------------------------------
#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#

RANDFILE                = $ENV::HOME/.rnd

####################################################################
[ ca ]
default_ca      = CA_default            # The default ca section

####################################################################
[ CA_default ]

dir             = /usr/local/ssl        # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/certs/CAcert.pem # The CA certificate
serial          = $dir/serial           # The current serial number
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/CAkey.pem        # The private key
RANDFILE        = $dir/private/.rand    # private random number file

x509_extensions = x509v3_extensions     # The extentions to add to the
cert
default_days    = 365                   # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = md5                   # which md to use.
preserve        = no                    # keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy          = policy_match

# For the Nexos policy
[ policy_nexos ]
countryName             = supplied
stateOrProvinceName     = supplied
organizationName        = supplied
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# For the CA policy
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

####################################################################
[ req ]
default_bits            = 1024
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = AU
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Some-State

localityName                    = Locality Name (eg, city)

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Internet Widgits Pty Ltd

# we can do this but it is not needed normally :-)
#1.organizationName             = Second Organization Name (eg, company)
#1.organizationName_default     = CryptSoft Pty Ltd

organizationalUnitName          = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName                      = Common Name (eg, YOUR name)
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_max                = 40

[ req_attributes ]
challengePassword               = A challenge password
challengePassword_min           = 4
challengePassword_max           = 20

unstructuredName                = An optional company name

[ x509v3_extensions ]

nsCaRevocationUrl               = http://www.cryptsoft.com/ca-crl.pem
nsComment                       = "This is a comment"

# under ASN.1, the 0 bit would be encoded as 80
# nsCertType                    = 0x40
  nsCertType                    = 0xF7

#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
#nsCertSequence
#nsCertExt
#nsDataType
------------------------------------------

        Does anybody knows what's happening?

Thanx in advance, 


------------------------------------------
Josuï¿½ Josï¿½ Souza Jr. - Operaï¿½ï¿½es e Suporte   
[EMAIL PROTECTED]
Nexos Serviï¿½os de Redes Ltda.
http://www.nexos.com.br

Salvador - Bahia - Brasil
------------------------------------------
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/  |
+-------------------------------------------------------------------------+
[ssl-users] Error signing certificate for Netscape client

Reply via email to
