On Fri, 2005-09-02 at 14:35 +0200, Ives Steglich wrote:
> John A. Sullivan III wrote:
> > Hello, all. I am using openca-0.9.2.2. I have issued many certificates
> > successfully but have not done any for a while. I created a basic
> > request today (key + cert), approved and signed the request. I was able
> > to upload and receive the request. However, when I attempt to issue the
> > certificate I receive this error:
> >
> > Error 6761
> > General Error Error while issuing
> > Certificate(ilt) to NiagaraRASGW
> > (filename:
> > /usr/local/OpenCA/NiagaraCA/var/tmp/35.req).
> >
> >
> > OpenCA::OpenSSL returns errocode 7731075
> > (OpenCA::OpenSSL->issueCert: OpenSSL fails
> > (7777067). Using configuration
> > from
> > /usr/local/OpenCA/NiagaraCA/etc/openssl/openssl/VPN_Server.conf
> > error creating name index:(2,18,19)
> > error in ca
> > ).
> >
> > I have absolutely no idea of what to do and it is impacting an important
> > project. Can anyone tell me what I am doing wrong? Thanks - John
>
> + if (db->attributes.unique_subject
> + && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
> + LHASH_HASH_FN(index_name_hash),
> + LHASH_COMP_FN(index_name_cmp)))
> + {
> + BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
> + db->db->error,db->db->arg1,db->db->arg2);
> + return 0;
> + }
> + return 1;
> + }
>
> so the ca.c sourcecode of openssl leads to the idea you are trying to
> issue a certificate with the same dn as an already exiting certificate?
>
> openssl doesn't support non-unique DNs in 0.9.7 series
> but there is a patch to enable it... for 0.9.7c i think, you have to
> adopt this for later versions by yourself
>
> 0.9.8 supports non-unique DNs by itself without patching but uses a
> different 'interface' means config option for this, then the patch from
> micha for the 0.9.7c of openssl
>
> so try to use unique DNs for the moment, should 'fix' the 'problem'
>snip>
Thank you very much. However, when I look at all the valid, revoked,
suspended and expired certificates, I see nothing with this DN. We have
tried to issue this cert several times, the first few times with the
wrong CA key password. Could there be an incomplete transaction in the
database so that it thinks there is a duplicate DN? If so, how do I tell
and how do I get it out? Thanks - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
[EMAIL PROTECTED]
If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
