Hi Patrick! The certificate has all permissions, and the tutorial does not specify a location for its storage. Thanks!
2011/2/22 Patrick Patterson <ppatter...@carillonis.com> > Hi Yessica: > > That error is fairly straightforward - it's can't load the cert (meaning, > it can't even load the file). > > Have you made sure that the permissions are correct? Are you absolutely > sure that you have the right cert in the right location? > > Have fun. > > Patrick. > > On 2011-02-22, at 8:37 AM, Yessica De Ascencao wrote: > > > Hi! > > This is the new certificate: > > > > Certificate: > > Data: > > Version: 3 (0x2) > > Serial Number: > > d8:e6:a3:f6:22:c7:a4:0b > > Signature Algorithm: sha1WithRSAEncryption > > Issuer: C=ve, ST=distrito capital, O=suscerte, OU=acraiz, > CN=ac/emailAddress=a...@suscerte.gob.ve > > Validity > > Not Before: Feb 21 20:15:08 2011 GMT > > Not After : Feb 21 20:15:08 2012 GMT > > Subject: C=ve, ST=distritocapital, L=caracas, O=tss, OU=suscerte, > CN=tsscompany/emailAddress=t...@company.com > > Subject Public Key Info: > > Public Key Algorithm: rsaEncryption > > RSA Public Key: (2048 bit) > > Modulus (2048 bit): > > 00:bd:6e:12:e5:72:37:f2:74:e4:95:f7:43:f2:c7: > > 00:7d:53:cb:2d:a9:49:68:4d:04:b7:40:8d:b7:cd: > > 56:23:89:8a:e1:78:d6:a8:bd:a3:ef:16:62:d6:37: > > 6d:25:ce:eb:9d:30:8a:5e:be:6a:68:6f:bf:cd:f7: > > 6b:cd:85:f8:c6:62:f3:ea:8e:32:79:2a:d2:38:40: > > b9:d7:88:c9:18:5c:63:98:69:ea:b6:95:83:a2:ac: > > 1b:b4:17:9a:e7:ea:66:bc:c3:e6:c8:e6:47:94:9b: > > 36:3c:3b:e0:59:9e:85:90:a6:8f:ad:8a:0a:0b:9e: > > 51:de:ef:93:73:e5:6b:a9:f2:49:ec:c0:46:57:71: > > 27:fd:85:47:09:f7:90:f7:bb:c5:3a:83:0a:3c:cc: > > f2:88:2f:69:5c:80:e2:7f:9e:28:d3:19:09:62:fb: > > 2b:61:a4:f8:4c:64:d6:72:cb:41:a9:68:69:38:8b: > > 3f:03:04:83:26:e0:9a:ce:be:1f:05:f0:6d:99:2c: > > 87:16:97:e2:7f:8b:2f:b1:eb:19:2f:10:45:00:2c: > > 8e:dd:f5:80:de:cf:c7:17:a0:cc:cf:0d:f3:48:19: > > 7f:5b:b0:dd:51:a8:80:e0:65:eb:79:ef:ea:fc:d8: > > 6d:a5:2d:e3:06:b0:83:83:14:7f:61:f9:dc:ea:a7: > > 7a:4b > > Exponent: 65537 (0x10001) > > X509v3 extensions: > > X509v3 Basic Constraints: > > CA:FALSE > > X509v3 Key Usage: > > Digital Signature, Non Repudiation, Key Encipherment > > Netscape Comment: > > OpenSSL Generated Certificate > > X509v3 Subject Key Identifier: > > > FA:0C:6E:6E:88:58:51:F4:DF:F1:E3:CC:DD:9D:71:8C:CD:95:68:17 > > X509v3 Authority Key Identifier: > > > keyid:76:B9:CB:3B:5D:C8:B6:AB:02:74:86:D3:1C:C7:42:58:B1:AE:7E:76 > > > > X509v3 Subject Alternative Name: > > email:t...@company.com > > X509v3 Extended Key Usage: critical > > Time Stamping > > Signature Algorithm: sha1WithRSAEncryption > > 02:d1:fd:44:de:1e:9f:e0:29:66:35:8f:43:da:e6:b5:20:43: > > 52:90:b0:dc:8a:0f:09:92:9e:c2:6b:dc:14:ab:2c:9f:1b:8e: > > 02:76:9a:17:08:77:ca:26:06:13:25:9e:4a:e2:bf:bb:2b:4d: > > cf:67:41:c0:2b:3a:1a:d0:ae:a8:88:3c:13:e2:0d:f6:9c:1e: > > e7:ba:ef:22:c6:b8:18:3b:a8:5e:f9:0e:43:b8:de:82:b1:e0: > > be:00:d2:57:9c:f3:d9:48:72:28:70:5d:06:d7:73:84:bc:f7: > > 5e:65:27:86:0d:e8:28:b4:dd:72:4d:8e:59:02:cc:39:0f:8d: > > 47:87 > > > > And this is the error: > > [Mon Feb 21 20:15:37 2011] [error] mod_tsa:could not load X.509 > certificate: /usr/local/ssl/misc/demoCA/tss.pem > > [Mon Feb 21 20:15:37 2011] [error] > mod_tsa:17262:error:2F083075:lib(47):func(131):reason(117):ts_rsp_sign.c:206: > > [Mon Feb 21 20:15:37 2011] [emerg] exiting, fatal error during mod_tsa > initialisation. > > > > Thanks!!! > > > > 2011/2/21 Jaroslav Imrich <jaroslav.imr...@gmail.com> > > Hello Yessica, > > > > please post new certificate and exact error you're getting. > > > > -- > > > > Kind Regards / S pozdravom > > > > Jaroslav Imrich > > http://www.jariq.sk > > > > > > > > On Mon, Feb 21, 2011 at 4:41 PM, Yessica De Ascencao < > yessima...@gmail.com> wrote: > > hello!!! > > Thanks for the response! > > > > Yes I needed the extension to Time Stamping, however when I load the > sample certificate in the OpenTSA page, continues to show me the same error. > I created a certificate with the correct extension and likewise gives me > error. > > > > I really do not know what may be happening. > > > > Thank you very much! > > > > > > > > 2011/2/18 Jaroslav Imrich <jaroslav.imr...@gmail.com> > > Hello Yessica, > > > > > > this line in your logs tells you where the error occured: > > > > > > [Thu Feb 17 19:23:09 2011] [error] > mod_tsa:1510:error:2F083075:lib(47):func(131):reason(117):ts_rsp_sign.c:206: > > > > When you look into source code of openssl ts module - > http://cvs.openssl.org/fileview?f=openssl/crypto/ts/ts_rsp_sign.c&v=1.6.4.2- > you can see that line 206 contains following code: > > > > if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != > 1) > > { > > TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT, > > TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); > > return 0; > > } > > > > That means loading of TSA certificate failed because of incorrect > extensions. > > > > Certificate you posted has critical mark on "X509v3 Subject Alternative > Name" which is completely wrong in this case. It is "Time Stamping" that has > to be marked as critical. > > > > > > -- > > Kind Regards / S pozdravom > > > > Jaroslav Imrich > > http://www.jariq.sk > > > > > > > > -- > > Saludos! > > Yessica De Ascencao > > 0426-7142582 > > > > > > > > -- > > Saludos! > > Yessica De Ascencao > > 0426-7142582 > > --- > Patrick Patterson > Chief PKI Architect > Carillon Information Security Inc. > http://www.carillon.ca > > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- Saludos! Yessica De Ascencao 0426-7142582
