View Issue Details

IDProjectCategoryView StatusLast Update
0000952Main CAcert Websitecertificate issuingpublic2013-01-07 21:55
Reporteredgarwahn Assigned ToUli60  
PrioritynormalSeveritymajorReproducibilityhave not tried
Status needs workResolutionopen 
PlatformMain CAcert WebsiteOSN/AOS Versionstable
Summary0000952: CSR not signed, pending forever: "Supported Key Types and Sizes"
DescriptionSubmitted by Christopher Head <>

Is there a list somewhere of what key types and sizes are supported by
CACert? Whenever I've submitted 1024-bit RSA or DSA CSRs, they've been
signed almost instantly. I submitted a 3072-bit DSA CSR for a
client certificate quite a while ago (> 1 hour), and it's still pending!
Are 3072-bit DSA keys not supported? What about ECDSA, were I to choose
to create such a key? It seems that just leaving the certificate listed
as "Pending" forever is a rather misleading way of reporting that the
key format is unsupported.


I'm just now querying more details from him to make the problem reproducable.
TagsNo tags attached.
Reviewed by
Test Instructions


related to 0001101 needs workTimoAHummel general rewrite of get info from csr routine in includes/general.php 



2011-06-16 11:38

developer   ~0002048

Sent by Chris:

I believe I used "openssl dsaparam 3072 > param.pem && openssl gendsa
- -out key.pem param.pem && openssl req -new -out req.pem -key key.pem".
I've attached the CSR (it's not exactly secret, after all).


Issue History

Date Modified Username Field Change
2011-06-15 07:59 edgarwahn New Issue
2011-06-15 07:59 edgarwahn Status new => needs work
2011-06-15 07:59 edgarwahn Assigned To => edgarwahn
2011-06-16 11:38 edgarwahn Note Added: 0002048
2011-06-16 11:39 edgarwahn Assigned To edgarwahn => Uli60
2013-01-07 21:55 Werner Dworak Relationship added related to 0001101