Discussion:
[Openca-Users] Some questions
Til Obes
2004-06-14 09:36:02 UTC
Hi,
1.
I have some errors with the mailcounter.
How is it organized? For example:
Mailcounter was 2, but I now have my 8th cert.
Node mgmt wanted to send mail 2, and now the counter is 3.
Should that depend on the real cert serial?
Can this maybe depend on disabling the sendmail_automatic?
I had it disabled for some time. Now it is activated again.

2.
I had a signature error on the CA interface when viewing a signed request.
What is necessary so that there isn't an error?

Regards til
o***@slave.umbr.cas.cz
2004-06-14 12:30:02 UTC
Post by Til Obes
1.
I have some errors with the mailcounter.
Mailcounter was 2, but I now have my 8th cert.
Node mgmt wanted to send mail 2, and now the counter is 3.
Should that depend on the real cert serial?
Can this maybe depend on disabling the sendmail_automatic?
I had it disabled for some time. Now it is activated again.
*** I think (from my tests) the mailcounter contains the ID of the next mail
which should be sent. When you send no emails, there will be 1 (mail number 1
should be sent). After you send 5 mails (1,2,3,4,5), there will be number 6,
that is, mail number 6 should be sent. You can have 10 certificates, but only 5
emails sent. But you should send all emails, because there is the CRIN (PID for
certificate revocation) for the certificate. Probably the mail number
should be the same as the certificate serial number, but I'm not sure about this
(the email can be sent in other situations, I don't know this).
Post by Til Obes
2.
I had a signature error on the CA interface when viewing a signed request.
What is necessary so that there isn't an error?
*** More details? I don't know what you mean, maybe someone else will
know.

Robert Wolf.
Til Obes
2004-06-14 14:31:36 UTC
Post by o***@slave.umbr.cas.cz
Post by Til Obes
1.
I have some errors with the mailcounter.
Mailcounter was 2, but I now have my 8th cert.
Node mgmt wanted to send mail 2, and now the counter is 3.
Should that depend on the real cert serial?
Can this maybe depend on disabling the sendmail_automatic?
I had it disabled for some time. Now it is activated again.
*** I think (from my tests) the mailcounter contains the ID of the next mail
which should be sent. When you send no emails, there will be 1 (mail number 1
should be sent). After you send 5 mails (1,2,3,4,5), there will be number 6,
that is, mail number 6 should be sent. You can have 10 certificates, but only 5
emails sent. But you should send all emails, because there is the CRIN (PID for
certificate revocation) for the certificate. Probably the mail number
should be the same as the certificate serial number, but I'm not sure about this
(the email can be sent in other situations, I don't know this).
The problem is that the node interface wanted to send mail number 2,
but the mail 8.msg was imported from the CA.
This is a bug, I think.
Post by o***@slave.umbr.cas.cz
Post by Til Obes
2.
I had a signature error on the CA interface when viewing a signed request.
What is necessary so that there isn't an error?
*** More details? I don't know what you mean, maybe someone else will
know.
When I sign a request at the RA interface with a user cert of the CA, I get
an error at the CA interface. It's a red lock (don't know the English word ;) )
(Schloss) right beside the message that there is a sign error.

Regards til
o***@slave.umbr.cas.cz
2004-06-14 15:44:37 UTC
Post by Til Obes
The problem is that the node interface wanted to send mail number 2,
but the mail 8.msg was imported from the CA.
This is a bug, I think.
*** Hmmm, I'm not sure about this.

I think when you create a certificate, OpenCA creates an email for the user. So
you can create 5 certificates, and OpenCA creates 5 emails (1,2,3,4,5).
Mailcounter is 1 (to send email number 1). When you exchange this data to
the lower hierarchy, it should be the same as on the CA. So for example, on the RA
mailcounter is 1 and there are 5 emails (1,2,3,4,5).

The other day you create another certificate (number 6) and OpenCA creates
a new email (6). When you exchange data, you will see that email number 6
was imported (or downloaded, or however it is called :)). So you got mail number
6 in the RA, but you still haven't sent emails number 1,2,3,4,5, so now you
should send email number 1.

In OpenCA 0.9.1-8 there are two versions of Send email. The first one sends
all unsent emails (the emails with a number equal to or greater than the value from
the mail counter). The second version reads the number of the email you want to
send/resend. I hope I understood this functionality correctly.


Bye.

Robert Wolf.
Ives Steglich
2004-06-14 16:19:07 UTC
Post by Til Obes
Post by o***@slave.umbr.cas.cz
Post by Til Obes
1.
I have some errors with the mailcounter.
Mailcounter was 2, but I now have my 8th cert.
Node mgmt wanted to send mail 2, and now the counter is 3.
Should that depend on the real cert serial?
Can this maybe depend on disabling the sendmail_automatic?
I had it disabled for some time. Now it is activated again.
*** I think (from my tests) the mailcounter contains the ID of the next mail
which should be sent. When you send no emails, there will be 1 (mail number 1
should be sent). After you send 5 mails (1,2,3,4,5), there will be number 6,
that is, mail number 6 should be sent. You can have 10 certificates, but only 5
emails sent. But you should send all emails, because there is the CRIN (PID for
certificate revocation) for the certificate. Probably the mail number
should be the same as the certificate serial number, but I'm not sure about this
(the email can be sent in other situations, I don't know this).
The problem is that the node interface wanted to send mail number 2,
but the mail 8.msg was imported from the CA.
This is a bug, I think.
Yes, this is a bug, so please file it at the SourceForge bug tracker, thx.
Post by Til Obes
When I sign a request at the RA interface with a user cert of the CA, I get
an error at the CA interface. It's a red lock (don't know the English word ;) )
(Schloss) right beside the message that there is a sign error.
You can click this red lock, and it will show you more information on
the signature detected.

Basically, if it's red, that means there is something wrong with the
signature. Which certificate did you use to sign the request?

One issued by this PKI or something different?


greetings
dalini
Til Obes
2004-06-14 17:06:05 UTC
Post by Til Obes
Post by Til Obes
The problem is that the node interface wanted to send mail number 2,
but the mail 8.msg was imported from the CA.
This is a bug, I think.
Yes, this is a bug, so please file it at the SourceForge bug tracker, thx.
done
Post by Til Obes
Post by Til Obes
When I sign a request at the RA interface with a user cert of the CA, I get
an error at the CA interface. It's a red lock (don't know the English word ;) )
(Schloss) right beside the message that there is a sign error.
You can click this red lock, and it will show you more information on
the signature detected.
Basically, if it's red, that means there is something wrong with the
signature. Which certificate did you use to sign the request?
One issued by this PKI or something different?
I have a userca. I use a cert issued by this userca.
I signed it with my cert.
When I click on the red lock, I get an empty page.
Has it something to do with the correct CA chain?
Do I need to have the correct chain in my browser?

Regards til
