>>>>> "DdF" == Diego de Felice <[EMAIL PROTECTED]> writes:
DdF> In my experience, if you want to recreate all by scratch, you must
DdF> empty databases but also the OpenSSL files. Remember that OpenCA uses
DdF> OpenSSL to perform all cryptographic operations, so you must empty or
DdF> restart the files: index.txt, crlnumber, serial. If you don't to this
DdF> you'll have CRLs with high serial numbers and with old certificate
DdF> serials inside.
Perhaps the following information will help the OP.
You will want a var/crypto directory tree with the following content:
(I hope that the mail gateway doesn't add newlines.)
drwxr-s--- wwwrun/www 0 2006-12-08 12:44:38 openca/CA/OpenCA/var/crypto/
-rw-r----- wwwrun/www 0 2006-12-08 12:44:38
openca/CA/OpenCA/var/crypto/index.txt
-rw-r----- wwwrun/www 3 2006-12-08 12:44:38
openca/CA/OpenCA/var/crypto/crlnumber
-rw-r----- wwwrun/www 3 2006-12-08 12:44:38
openca/CA/OpenCA/var/crypto/serial
drwxr-s--- wwwrun/www 0 2006-12-08 12:44:38
openca/CA/OpenCA/var/crypto/cacerts/
lrwxrwxrwx root/www 0 2006-12-08 13:29:01
openca/CA/OpenCA/var/crypto/cacerts/bp_cert.pem -> cacert.pem
lrwxrwxrwx root/www 0 2006-12-08 13:29:01
openca/CA/OpenCA/var/crypto/cacerts/keybackup_cert.pem -> cacert.pem
lrwxrwxrwx root/www 0 2006-12-08 13:29:01
openca/CA/OpenCA/var/crypto/cacerts/log_cert.pem -> cacert.pem
lrwxrwxrwx root/www 0 2006-12-08 13:29:01
openca/CA/OpenCA/var/crypto/cacerts/cacert.cer -> cacert.der
lrwxrwxrwx root/www 0 2006-12-08 13:29:01
openca/CA/OpenCA/var/crypto/cacerts/cacert.crt -> cacert.pem
drwxr-s--- wwwrun/www 0 2006-12-08 12:44:38
openca/CA/OpenCA/var/crypto/certs/
drwxr-s--- wwwrun/www 0 2006-12-08 12:45:09
openca/CA/OpenCA/var/crypto/chain/
-rw-r--r-- openca/openca 1538 2006-12-08 12:45:09
openca/CA/OpenCA/var/crypto/chain/Makefile
drwxr-s--- wwwrun/www 0 2006-12-08 12:44:38
openca/CA/OpenCA/var/crypto/crls/
drwxr-s--- wwwrun/www 0 2006-12-08 12:44:38
openca/CA/OpenCA/var/crypto/keys/
lrwxrwxrwx root/www 0 2006-12-08 13:29:01
openca/CA/OpenCA/var/crypto/keys/bp_key.pem -> cakey.pem
lrwxrwxrwx root/www 0 2006-12-08 13:29:01
openca/CA/OpenCA/var/crypto/keys/keybackup_key.pem -> cakey.pem
lrwxrwxrwx root/www 0 2006-12-08 13:29:01
openca/CA/OpenCA/var/crypto/keys/log_key.pem -> cakey.pem
drwxr-s--- wwwrun/www 0 2006-12-08 12:44:38
openca/CA/OpenCA/var/crypto/reqs/
The content of the crlnumber and serial files is one line with "01".
Cheers,
Joachim
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: [EMAIL PROTECTED]
Roedermark, Germany
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
