"If i all understood" ;-)

I have 2 certificates :
- One with "keyusage" as AC Certificate "CertAC.cer"
- One with "keyusage" as crl signer Certificate "Cert_crlsigner.cer"

But they have the same hash so the name with ".0" extension is the same !!
So when the last file copy is "Cert_crlsigner.cer" i have "unable to get
issuer certificate" error
and when the last file copy is "CertAC.cer" i have "key usage does not
include CRL signing" error

Is it the reason of my problems ?
So how to have different name with the same DN using for the hash ?

Thanks

Dr Franck ROUSSIA

rfx a écrit :
> Yes, i read it
>
> For first point, i think that there is not ths same subject and
> issuer, like final autosign certificat of AC ?
>
> For second point, after translating, it's more difficult for me to
> understand "keyusage" not to be include ;-)
>
> Thanks
>
> Dr Franck ROUSSIA
>
> Dr. Stephen Henson a écrit :
>> On Wed, Jan 16, 2008, rfx wrote:
>>
>>
>>> I make new path using hash name/ ".0" extension for certificat/".r0"
>>> extension for CRL
>>>
>>> The function: 'verify -CApath @CRLCA\ -issuer_checks -crl_check
>>> "SignCertPEM.cer"
>>>
>>> The result is :
>>> SignCertPEM.cer:
>>> /C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
>>> error 29 at 0 depth lookup:subject issuer mismatch
>>> /C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
>>> error 29 at 0 depth lookup:subject issuer mismatch
>>> /C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
>>> error 29 at 0 depth lookup:subject issuer mismatch
>>> /C=FR/O=GIP-CPS/OU=GIP-CPS PROFESSIONNEL/CN=GIP-CPS CLASSE-1
>>> error 29 at 0 depth lookup:subject issuer mismatch
>>> /C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
>>> error 35 at 0 depth lookup:key usage does not include CRL signing
>>>
>>> Two questions :
>>>
>>> 1) Why the "subject issuer mismatch" error ? also when the result is OK
>>>
>>> 2) For this example what mean the error "key usage does not include
>>> CRL signing" ?
>>>
>>>

>>
>> Read the manual page entry for the diagnostic option -issuer_checks
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>> OpenSSL project core developer and freelance consultant.
>> Homepage: http://www.drh-consultancy.demon.co.uk
>> __________________________________________________ ____________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> Automated List Manager majordomo@openssl.org
>>
>>
>>

>
>
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>
>



__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org