On Fri, 2005-09-02 at 08:41 -0400, John A. Sullivan III wrote:
> On Fri, 2005-09-02 at 14:35 +0200, Ives Steglich wrote:
> > John A. Sullivan III wrote:
> > > Hello, all. I am using openca-0.9.2.2. I have issued many certificates
> > > successfully but have not done any for a while. I created a basic
> > > request today (key + cert), approved and signed the request. I was able
> > > to upload and receive the request. However, when I attempt to issue the
> > > certificate I receive this error:
> > >
> > > Error 6761
> > > General Error Error while issuing
> > > Certificate(ilt) to NiagaraRASGW
> > > (filename:
> > > /usr/local/OpenCA/NiagaraCA/var/tmp/35.req).
> > >
> > >
> > > OpenCA::OpenSSL returns errocode 7731075
> > > (OpenCA::OpenSSL->issueCert: OpenSSL fails
> > > (7777067). Using configuration
> > > from
> > > /usr/local/OpenCA/NiagaraCA/etc/openssl/openssl/VPN_Server.conf
> > > error creating name index:(2,18,19)
> > > error in ca
> > > ).
> > >
> > > I have absolutely no idea of what to do and it is impacting an important
> > > project. Can anyone tell me what I am doing wrong? Thanks - John
> >
> > + if (db->attributes.unique_subject
> > + && !TXT_DB_create_index(db->db, DB_name,
> > index_name_qual,
> > + LHASH_HASH_FN(index_name_hash),
> > + LHASH_COMP_FN(index_name_cmp)))
> > + {
> > + BIO_printf(bio_err,"error creating name
> > index:(%ld,%ld,%ld)\n",
> > + db->db->error,db->db->arg1,db->db->arg2);
> > + return 0;
> > + }
> > + return 1;
> > + }
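Review bot: The BIO_printf in the failure branch prints db->db->error, db->db->arg1 and db->db->arg2 as three unlabelled numbers, which is why the report above ends in "error creating name index:(2,18,19)" with nothing to say what each value means or which entries are involved. Suggest naming each field in the format string, or translating the error code into a short description, so a failed index build can be diagnosed from the message alone. A one-line comment on the db->attributes.unique_subject guard, stating that the name index is only built when that attribute is set, would also help readers of this function.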
> >
> > So the ca.c source code of openssl leads to the idea that you are trying to
> > issue a certificate with the same DN as an already existing certificate?
> >
> > openssl doesn't support non-unique DNs in the 0.9.7 series,
> > but there is a patch to enable it... for 0.9.7c I think; you have to
> > adapt this for later versions by yourself.
> >
> > 0.9.8 supports non-unique DNs by itself without patching but uses a
> > different 'interface' (meaning config option) for this than the patch from
> > Micha for the 0.9.7c of openssl.
> >
> > So try to use unique DNs for the moment; that should 'fix' the 'problem'.
> > <snip>
> Thank you very much. However, when I look at all the valid, revoked,
> suspended and expired certificates, I see nothing with this DN. We have
> tried to issue this cert several times, the first few times with the
> wrong CA key password. Could there be an incomplete transaction in the
> database so that it thinks there is a duplicate DN? If so, how do I tell
> and how do I get it out? Thanks - John
I reindexed the files in var/crypto as suggested elsewhere but with no
success. However, pursuing the idea of duplicate DNs further, perhaps
the problem is not the cert I am trying to issue.
I used openssl x509 to examine the subject of every cert in
var/crypto/certs. Somehow, the very last two have the same DN. I
quadruple checked and they match character for character including
checking for terminating or initial spaces.
Could this be creating this problem? If so, how do I safely remove them?
Can I revoke them or, as I would suspect, will this still show
duplicate DNs in the database? Thanks - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
[EMAIL PROTECTED]
Financially sustainable open source development
http://www.opensourcedevel.com
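
The check described in the message above (comparing the subject of every certificate in var/crypto/certs), as an added example that is not part of the original message or of OpenCA. It assumes the certificates are PEM files named `*.pem`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report certificates that share a subject DN.

# list_subjects DIR: print "file<TAB>subject" for every PEM cert in DIR.
# Assumption: certificates are stored as DIR/*.pem.
list_subjects() {
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        # "openssl x509 -noout -subject" prints one line starting "subject="
        s=$(openssl x509 -in "$f" -noout -subject 2>/dev/null) || continue
        printf '%s\t%s\n' "$f" "${s#subject=}"
    done
}

# dup_subjects: read "file<TAB>subject" lines on stdin and, for every subject
# seen more than once, print "subject<TAB>file1 file2 ...".
# The comparison is byte-exact, so a trailing space makes a different DN.
dup_subjects() {
    awk -F '\t' '
        { n[$2]++; files[$2] = (files[$2] == "" ? $1 : files[$2] " " $1) }
        END { for (s in n) if (n[s] > 1) printf "%s\t%s\n", s, files[s] }
    ' | sort
}

# check_dir DIR: list the clashes and return 1 if any DN occurs twice.
check_dir() {
    dups=$(list_subjects "$1" | dup_subjects)
    if [ -z "$dups" ]; then
        return 0
    fi
    printf '%s\n' "$dups"
    return 1
}

# Constructed sample listing (not real certificates), in the format that
# list_subjects produces, so dup_subjects can be tried without openssl.
sample_listing() {
    printf 'certs/21.pem\t/C=US/O=Example/CN=mail\n'
    printf 'certs/22.pem\t/C=US/O=Example/CN=gw1\n'
    printf 'certs/23.pem\t/C=US/O=Example/CN=gw1\n'
    printf 'certs/24.pem\t/C=US/O=Example/CN=gw1 \n'  # trailing space
}
```

Run `check_dir var/crypto/certs` from the CA directory to list clashing files, or `sample_listing | dup_subjects` to see the output format.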
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users