On Fri, 2005-09-02 at 16:37 +0200, Ives Steglich wrote:
> John A. Sullivan III wrote:
>
> > I used openssl x509 to examine the subject of every cert in
> > var/crypto/certs. Somehow, the very last two have the same DN. I
> > quadruple checked and they match character for character including
> > checking for terminating or initial spaces.
>
> I think this is exactly the problem or better openssl does have here ;)
>
> > Could this be creating this problem? If so, how do I safely remove them?
> > Can I revoke them or, as I would suspect, will this create still show
> > duplicate DNs in the database? Thanks - John
>
> no, revoking would just add it to the CRL if you issue one
> but it would still appear in the list of issued certificates of course
> but you can try to remove one entry from the openssl index file, usually
> this should help
>
> (I'm not sure if openca may rebuild this from its own database, you it
> would maybe add this entry again - just try... otherwise you have to
> remove it from the internal openca db too, would be easy if you use a
> real sql system...)
>
> so next time you can just check var/crypto/index since this is the
> internal openssl db... if you find there a line with the same DNs
> openssl will usually fail to operate... with this kind of error message
> you have
> <snip>

OK - I think we're finally out of the woods! We reverted to the backup of the PKI from just before the operator deleted the line from the index file in order to issue a cert with a duplicate DN. We are now up and running again.
Thus, the problem was not the cert we were trying to issue but the one immediately before it which was a forced duplicate DN. Thanks to everyone for their generous and prompt help. And who says open source is not well supported! - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
[EMAIL PROTECTED]

Financially sustainable open source development
http://www.opensourcedevel.com
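The check suggested in the quoted reply (look in var/crypto/index for lines with the same DN) can be scripted as a read-only audit. This is an added example, not part of the original thread or of OpenCA's code; it assumes the standard six-column, tab-separated OpenSSL index layout, counts only rows marked V (valid), and runs on constructed sample rows when no file is given.

```python
import io
import sys
from collections import defaultdict

# Constructed sample in OpenSSL's index layout (tab-separated):
# status, expiry, revocation date, serial, file name, subject DN.
SAMPLE_INDEX = (
    "V\t070902120000Z\t\t01\tunknown\t/C=US/O=Example/CN=alice\n"
    "R\t070902120000Z\t050901120000Z\t02\tunknown\t/C=US/O=Example/CN=bob\n"
    "V\t070902120000Z\t\t03\tunknown\t/C=US/O=Example/CN=bob\n"
    "V\t070902120000Z\t\t04\tunknown\t/C=US/O=Example/CN=carol\n"
    "V\t070902120000Z\t\t05\tunknown\t/C=US/O=Example/CN=carol\n"
)


def parse_index(stream):
    """Yield (line_no, status, serial, subject) for each row of the index."""
    for line_no, raw in enumerate(stream, 1):
        line = raw.rstrip("\r\n")  # keep spaces: they are part of the DN
        if not line:
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {line_no}: expected 6 fields, got {len(fields)}")
        status, _expiry, _revoked, serial, _fname, subject = fields
        yield line_no, status, serial, subject


def duplicate_valid_subjects(stream):
    """Map each DN carried by more than one valid row to its (line, serial) pairs."""
    by_subject = defaultdict(list)
    for line_no, status, serial, subject in parse_index(stream):
        if status == "V":  # revoked (R) and expired (E) rows are not counted
            by_subject[subject].append((line_no, serial))
    return {dn: rows for dn, rows in by_subject.items() if len(rows) > 1}


if __name__ == "__main__":
    # Pass the path to the index file as the first argument; it is only read.
    src = open(sys.argv[1]) if len(sys.argv) > 1 else io.StringIO(SAMPLE_INDEX)
    with src:
        dups = duplicate_valid_subjects(src)
    for dn, rows in dups.items():
        print(dn, "->", ", ".join(f"line {n} serial {s}" for n, s in rows))
    sys.exit(1 if dups else 0)
```

The non-zero exit status on a duplicate lets the script act as a pre-issuance check or a periodic monitoring job.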
