[Muscle] FC6 and pkcs11_inspect
Greg Hennessy
greg.hennessy at cox.net
Tue Nov 28 19:50:03 PST 2006
David T. MacKenzie wrote:
>
> Mr. Hennessy, here's a jump-start on certutil:
>
> To list CAs:
> certutil -L -d /etc/pki/nssdb/
> To import one:
> certutil -A -n "Smart Card CA" -t "CT,C," -d /etc/pki/nssdb -i certfile.crt
Thanks. That helps a significant amount, but after importing the certs I
think I need I get partial sucess. Cutting and pasting from a
pkcs11_inspect I get the following:
DEBUG:pkcs11_inspect.c:139: verifing the certificate for the key #1
DEBUG:cert_vfy.c:37: Verifying Cert: HENNESSY.GREGORY.S.1228899166:CAC
ID Certificate
(CN=HENNESSY.GREGORY.S.1228899166,OU=USN,OU=PKI,OU=DoD,O=U.S.
Government,C=US)
DEBUG:pkcs11_inspect.c:156: Inspecting certificate for key #1
Printing data for mapper cn:
HENNESSY.GREGORY.S.1228899166
DEBUG:mapper_mgr.c:243: Cannot find cert data for mapper uid
Printing data for mapper pwent:
HENNESSY.GREGORY.S.1228899166
DEBUG:mapper_mgr.c:235: Mapper 'null' has no inspect() function
DEBUG:pkcs11_inspect.c:139: verifing the certificate for the key #2
DEBUG:cert_vfy.c:37: Verifying Cert: HENNESSY.GREGORY.S.1228899166:CAC
Email Signature Certificate
(CN=HENNESSY.GREGORY.S.1228899166,OU=USN,OU=PKI,OU=DoD,O=U.S.
Government,C=US)
DEBUG:cert_vfy.c:41: Couldn't verify Cert: Invalid OCSP signing
certificate in OCSP response.
DEBUG:pkcs11_inspect.c:152: verify_certificate() failed:
One certificate seems fine, but can anyone shed light on what Invalid
OCSP signing cert means I did wrong?
More information about the Muscle
mailing list