Re: Error revoking a certificate

Wed, 14 Jun 2006 08:04:52 -0700 

Sendil kumar wrote:

Hi,
I think box A be the owner of the certificate so when u revoke it in box A it works fine.Box B may not be the owner(issuer) and when revoking the certificate , it is verified whether it is revoked by the corresponding person who issued the certificate by checking CN field in the certificate, as box b is not the owner this field doestnot match and error outs.please let me know about this. 

----- Original Message ----
From: Susan McIntosh <[EMAIL PROTECTED]>
To: openssl-users@openssl.org
Sent: Tuesday, 13 June, 2006 12:23:32 AM
Subject: Error revoking a certificate

We are in the process of migrating from box A (AIX 4.3.3.0 running
openssl 0.9.6g) to box B (AIX 5.3.0.0 running openssl 0.9.8). Both A and
B access the same file system which contains our CA files.

When I revoke a certificate from box A, the process works as expected.

When I revoke a certificate from box B, I get the following error:

ERROR:name does not match /C=US/ST=Florida/L=Gainesville/O=University of
Florida /OU=Computing and Networking
Services/CN=alt.smtp.ufl.edu/emailAddress=nerdc-uni [EMAIL PROTECTED]
3080222:error:02001002:system library:fopen:No such file or
directory:bss_file.c :122:fopen('/nerdc/src/ssl/CA/index.txt.attr','rb')
3080222:error:2006D080:BIO routines:BIO_new_file:no such
file:bss_file.c:125:
3080222:error:0E078072:configuration file routines:DEF_LOAD:no such
file:conf_de f.c:197:

The certificate, key, config file, etc. are all the same for both
revocation attempts. The only thing that's changed, as far as I can
tell, is the version of AIX and openssl. Is there a config file I need
to check besides the one I specify on the command line?

Any ideas about what might be going on appreciated...

susan
_________
______________________________________________________________________

OpenSSL Project                                 http://www.openssl.org 
<http://www.openssl.org/>

User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]




OpenSSL determines who issued (or owns) a cert by looking at the issuer 
data in the cert, right? Since ALL the files are the same, regardless of 
which box I'm signed on to, that data is the same from either box.



The only thing, as far as I can tell, that differs from one box to the 
other is the system OS and the version of OpensSSL.


thanks, susan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to