Re: [Openca-Users] Error 6761 when issuing certs

[Ives Steglich]

John A. Sullivan III wrote:
Hello, all.  I am using openca-0.9.2.2.  I have issued many certificates
successfully but have not done any for a while.  I created a basic
request today (key + cert), approved and signed the request.  I was able
to upload and receive the request.  However, when I attempt to issue the
certificate I receive this error:
Error 6761
                        General Error Error while issuing
                        Certificate(ilt) to NiagaraRASGW
                        (filename: /usr/local/OpenCA/NiagaraCA/var/tmp/35.req). 
                        
                        
                        OpenCA::OpenSSL returns errocode 7731075
                        (OpenCA::OpenSSL->issueCert: OpenSSL fails
                        (7777067). Using configuration
                        from 
/usr/local/OpenCA/NiagaraCA/etc/openssl/openssl/VPN_Server.conf
                        error creating name index:(2,18,19)
                        error in ca
                        ).
                        
I have absolutely no idea of what to do and it is impacting an important
project.  Can anyone tell me what I am doing wrong? Thanks - John

  +     if (db->attributes.unique_subject
  +             && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
  +                     LHASH_HASH_FN(index_name_hash),
  +                     LHASH_COMP_FN(index_name_cmp)))
  +             {
  +             BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
  +                     db->db->error,db->db->arg1,db->db->arg2);
  +             return 0;
  +             }
  +     return 1;
  +     }

so the ca.c sourcecode of openssl leads to the idea you are trying to 
issue a certificate with the same dn as an already exiting certificate?

openssl doesn't support non-unique DNs in 0.9.7 series
but there is a patch to enable it... for 0.9.7c i think, you have to 
adopt this for later versions by yourself

0.9.8 supports non-unique DNs by itself without patching but uses a 
different 'interface' means config option for this, then the patch from 
micha for the 0.9.7c of openssl

so try to use unique DNs for the moment, should 'fix' the 'problem'


greetings
dalini


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users