Am Fre, 2003-08-01 um 19.59 schrieb Gavin Davenport: > 10. Sign the roadwarrior certificate.
> I'm having problems getting stage 10 to work. I think I have created a > Roadwarrior certificate, but when I sign it, the resultant file > newcert.pem is 0 bytes long: > > root]# /usr/share/ssl/misc/CA -sign > gives the error > ERROR:There is already a certificate for /C=GB/ST=London/L=....... > OpenSSL keeps a database of all certificates it has signed. If you use the CA command the database is usually stored in demoCA/index.txt. If you create a second certificate with the same description, OpenSSL will give the above error. Try to modify the Sign-Request by adding a number to it or something similar. Then you should be able to sign the request and get a certificate. Cheers, Ralf -- Ralf Spenneberg RHCE, RHCX Book: Intrusion Detection fr Linux Server http://www.spenneberg.com IPsec-Howto http://www.ipsec-howto.org Honeynet Project Mirror: http://honeynet.spenneberg.org
