Am Sam, 2003-08-02 um 13.53 schrieb Gavin Davenport: > Thanks Ralf - I think thats what I was after. > I knew there was a database floating around somewhere with things I've done > in it. > > What commands can I use to see what I've got in there (botched prior > attempts, for example). cat demoCA/index.txt > > If I'm trying to I think i'm trying to sign the roadwarrioer certificate - > how would I 'redo' that stage to get another signed certificate ? You would have to handedit this file and the file demoCA/serial
It is much easier to create a second certificate which differs a little bit in its description. Cheers, Ralf > > Gavin > > -----Original Message----- > From: Ralf Spenneberg [mailto:[EMAIL PROTECTED] > Sent: 02 August 2003 12:23 > To: Gavin Davenport > Cc: FreeS/WAN > Subject: Re: [Users] getting roadwarrior/x.509 things working > > > Am Fre, 2003-08-01 um 19.59 schrieb Gavin Davenport: > > 10. Sign the roadwarrior certificate. > > > I'm having problems getting stage 10 to work. I think I have created a > > Roadwarrior certificate, but when I sign it, the resultant file > > newcert.pem is 0 bytes long: > > > > root]# /usr/share/ssl/misc/CA -sign > > gives the error > > ERROR:There is already a certificate for /C=GB/ST=London/L=....... > > > OpenSSL keeps a database of all certificates it has signed. If you use > the CA command the database is usually stored in demoCA/index.txt. > If you create a second certificate with the same description, OpenSSL > will give the above error. Try to modify the Sign-Request by adding a > number to it or something similar. Then you should be able to sign the > request and get a certificate. > > Cheers, > > Ralf > -- > Ralf Spenneberg > RHCE, RHCX > > Book: Intrusion Detection fr Linux Server http://www.spenneberg.com > IPsec-Howto http://www.ipsec-howto.org > Honeynet Project Mirror: http://honeynet.spenneberg.org -- Ralf Spenneberg RHCE, RHCX Book: Intrusion Detection für Linux Server http://www.spenneberg.com IPsec-Howto http://www.ipsec-howto.org Honeynet Project Mirror: http://honeynet.spenneberg.org
