> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Tuesday, 02 October, 2012 17:06

> I deleted index.txt and reset serial.txt to 00 and that 
> solved the problem.
> 
> Hope that was not a terrible idea.
> 
If this was play data as said it shouldn't hurt, but I'm 
not sure it's a true solution since I didn't see anything 
wrong in the data you showed in your previous message (to 
which I was working on a reply when you sent this update).

> I understand that I have lost the ability to revoke any previous
> certificates.
> 
To be exact, not entirely. If you put a higher value like 20 
in serial.txt and thus use distinct serial values going forward, 
you could manually reinsert a "forgotten" old entry back into the 
"database", which is enough to revoke it with 'ca' (or 'ocsp'). 
Even if you reuse serials, you could revoke the serial for an old 
cert at the cost of also revoking some new(er) cert, which you 
would presumably then replace. Real CAs replace certs sometimes, 
for a variety of reasons, so that's not crazy but is extra work.

But for play data no one should really rely on these certs anyway 
so there's no risk in leaving them "valid". I assume you are doing 
this for testing, so just test with the new ones and discard the old.
Also, what did you use for 'days' (validity period)? If it's short, 
once your old certs expire their revocation status doesn't matter.

> I won't edit index.txt again.
> 
If you edited, as opposed to just deleting as mentioned before,
it's possible you messed something up in the file. If the problem 
doesn't recur, I'd accept that as a not-impossible explanation  
(cf Sherlock Holmes). But I suggest keeping track of what you do, 
so if the problem does recur you can post a complete scenario 
for us (maybe but not necessarily me) to look at. 

> Charles
> 
> -----Original Message-----
> From: Charles Mills [mailto:charl...@mcn.org] 
> Sent: Tuesday, October 02, 2012 9:03 AM
> To: 'openssl-users@openssl.org'
> Subject: RE: Documentation for TXT_DB errors?

<snip most as superseded, but one point I wanted to keep:>

> Hmmm. It's working so I don't think I'll touch it. I know it took a lot of
> hacking to get it to work. Again, may I repeat my plea for documentation?
> Why do open source projects attract plenty of coders but not tech writers?
> Aren't there tech writers who would love to make a contribution to open
> source?
> 
Yes, documentation is a problem for lots of open-source, 
and openssl is unfortunately quite typical in this area.
But until people volunteer, or somebody pays, that's life.
I think this list does help some -- and to a point I snipped, 
your questions WEREN'T dumb or inappropriate in my opinion, 
and certainly no one else raised any objection.

Cheers.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
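
Added example, not part of the original message or of OpenSSL itself: a sketch of the "reinsert a forgotten old entry" step discussed above, which also refuses the insert when the serial has been reused by a newer cert. It assumes the usual index.txt layout of six tab-separated fields (status, expiry, revocation date, serial in hex, file name, subject) with UTCTime dates; the function names and sample entries are constructed for illustration.

```python
from datetime import datetime, timezone

FIELDS = ("status", "expires", "revoked", "serial", "file", "subject")

def parse_index(text):
    """Parse index.txt: one entry per line, six tab-separated fields."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {n}: expected 6 fields, got {len(parts)}")
        entries.append(dict(zip(FIELDS, parts)))
    return entries

def norm_serial(serial):
    """Serial as stored in index.txt: uppercase hex, even number of digits."""
    h = format(int(serial, 16), "X")
    return h if len(h) % 2 == 0 else "0" + h

def reinsert(text, serial, not_after, subject):
    """Return index.txt text with a 'V' entry for a forgotten cert added back."""
    serial = norm_serial(serial)
    clash = [e for e in parse_index(text) if e["serial"] == serial]
    if clash:
        # Serial was reused: revoking it would also revoke the newer cert.
        raise ValueError(f"serial {serial} already used by {clash[0]['subject']}")
    exp = not_after.astimezone(timezone.utc).strftime("%y%m%d%H%M%SZ")
    line = "\t".join(("V", exp, "", serial, "unknown", subject))
    if text and not text.endswith("\n"):
        text += "\n"
    return text + line + "\n"

# Constructed sample: database after the reset, new serials starting at 20 (hex).
SAMPLE = (
    "V\t131002170600Z\t\t20\tunknown\t/C=US/O=Example/CN=new-server\n"
    "V\t131003090000Z\t\t21\tunknown\t/C=US/O=Example/CN=new-client\n"
)

if __name__ == "__main__":
    old_expiry = datetime(2013, 9, 1, 12, 0, 0, tzinfo=timezone.utc)
    print(reinsert(SAMPLE, "3", old_expiry, "/C=US/O=Example/CN=old-server"), end="")
```

Work on a copy of index.txt and keep the original, so a malformed line can be backed out.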
