Ok - I've got one item listed in that file:

V 040731141357Z 01 unknown /C=GB/ST=Londo........

What does that refer to?

Within demoCA there are a few subdirectories....

[EMAIL PROTECTED] demoCA]# ls -lrt
total 9
-rw-r--r-- 1 root root 3 Aug 1 15:10 serial.old
-rw-r--r-- 1 root root 0 Aug 1 15:10 index.txt.old
drwxr-xr-x 2 root root 1024 Aug 1 15:10 crl
drwxr-xr-x 2 root root 1024 Aug 1 15:10 certs
drwxr-xr-x 2 root root 1024 Aug 1 15:11 private
-rw-r--r-- 1 root root 1334 Aug 1 15:11 cacert.pem
-rw-r--r-- 1 root root 3 Aug 1 15:14 serial
drwxr-xr-x 2 root root 1024 Aug 1 15:14 newcerts
-rw-r--r-- 1 root root 137 Aug 1 15:14 index.txt

I've got a preshared key tunnel set up to a smoothwall machine at the moment, but I can't seem to get compression working. When I add 'also=private-or-clear' to that connection, the connection doesn't come up. I think it should be able to do it and the fault is at my end. I don't understand what I need to add to the connection profile to enable compression, and NOT use the preshared key?

Gavin

-----Original Message-----
From: Ralf Spenneberg [mailto:[EMAIL PROTECTED]
Sent: 02 August 2003 13:08
To: Gavin Davenport
Cc: FreeS/WAN
Subject: RE: [Users] getting roadwarrior/x.509 things working

On Sat, 2003-08-02 at 13:53, Gavin Davenport wrote:
> Thanks Ralf - I think that's what I was after.
> I knew there was a database floating around somewhere with things I've done
> in it.
>
> What commands can I use to see what I've got in there (botched prior
> attempts, for example).

cat demoCA/index.txt

> I think I'm trying to sign the roadwarrior certificate -
> how would I 'redo' that stage to get another signed certificate?

You would have to hand-edit this file and the file demoCA/serial.
It is much easier to create a second certificate which differs a little bit in its description.

Cheers,

Ralf

> Gavin
>
> -----Original Message-----
> From: Ralf Spenneberg [mailto:[EMAIL PROTECTED]
> Sent: 02 August 2003 12:23
> To: Gavin Davenport
> Cc: FreeS/WAN
> Subject: Re: [Users] getting roadwarrior/x.509 things working
>
>
> On Fri, 2003-08-01 at 19:59, Gavin Davenport wrote:
> > 10. Sign the roadwarrior certificate.
> >
> > I'm having problems getting stage 10 to work. I think I have created a
> > Roadwarrior certificate, but when I sign it, the resultant file
> > newcert.pem is 0 bytes long:
> >
> > root]# /usr/share/ssl/misc/CA -sign
> > gives the error
> > ERROR:There is already a certificate for /C=GB/ST=London/L=.......
> >
> OpenSSL keeps a database of all certificates it has signed. If you use
> the CA command the database is usually stored in demoCA/index.txt.
> If you create a second certificate with the same description, OpenSSL
> will give the above error. Try to modify the Sign-Request by adding a
> number to it or something similar. Then you should be able to sign the
> request and get a certificate.
>
> Cheers,
>
> Ralf
> --
> Ralf Spenneberg
> RHCE, RHCX
>
> Book: Intrusion Detection für Linux Server http://www.spenneberg.com
> IPsec-Howto http://www.ipsec-howto.org
> Honeynet Project Mirror: http://honeynet.spenneberg.org

--
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
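
The index.txt line asked about at the top of this thread has six tab-separated fields: status flag, expiry time, revocation time (empty while valid), serial number, file name and subject. As an added example (not part of the original thread and not OpenSSL's own code), this Python sketch decodes those fields and lists the still-valid entries that would collide with a new request for the same subject; the sample database, its subjects and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample in the layout of demoCA/index.txt (tab-separated);
# subjects, serials and dates are made up for this example.
SAMPLE_INDEX = (
    "V\t040731141357Z\t\t01\tunknown\t/C=XX/O=Example/CN=roadwarrior\n"
    "R\t040801090000Z\t030802120000Z,superseded\t02\tunknown\t/C=XX/O=Example/CN=gateway\n"
)

STATUS = {"V": "valid", "R": "revoked", "E": "expired"}

def parse_time(stamp):
    """Decode UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    fmt = "%y%m%d%H%M%SZ" if len(stamp) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)

def parse_index(text):
    """Return one dict per certificate recorded in the CA database."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        flag, expires, revoked, serial, filename, subject = line.split("\t", 5)
        when, _, reason = revoked.partition(",")  # "time[,reason]" when revoked
        entries.append({
            "status": STATUS.get(flag, flag),
            "expires": parse_time(expires),
            "revoked": parse_time(when) if when else None,
            "reason": reason or None,
            "serial": int(serial, 16),  # serials are stored as hex
            "filename": filename,
            "subject": subject,
        })
    return entries

def blocks_signing(entries, subject):
    """Valid entries with the same subject. Assumption: subjects must be
    unique among valid entries, which is what triggers the
    'There is already a certificate for ...' error quoted in the thread."""
    return [e for e in entries
            if e["status"] == "valid" and e["subject"] == subject]

if __name__ == "__main__":
    for e in parse_index(SAMPLE_INDEX):
        print(f'{e["serial"]:02X} {e["status"]:8} '
              f'until {e["expires"]:%Y-%m-%d} {e["subject"]}')
```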