Thanks Ralf - I think that's what I was after. I knew there was a database floating around somewhere with things I've done in it.
What commands can I use to see what I've got in there (botched prior attempts, for example)? I think I'm trying to sign the roadwarrior certificate - how would I 'redo' that stage to get another signed certificate?

Gavin

-----Original Message-----
From: Ralf Spenneberg [mailto:[EMAIL PROTECTED]
Sent: 02 August 2003 12:23
To: Gavin Davenport
Cc: FreeS/WAN
Subject: Re: [Users] getting roadwarrior/x.509 things working

On Fri, 2003-08-01 at 19.59, Gavin Davenport wrote:
> 10. Sign the roadwarrior certificate.
> I'm having problems getting stage 10 to work. I think I have created a
> Roadwarrior certificate, but when I sign it, the resultant file
> newcert.pem is 0 bytes long:
>
> root]# /usr/share/ssl/misc/CA -sign
> gives the error
> ERROR:There is already a certificate for /C=GB/ST=London/L=.......
>

OpenSSL keeps a database of all certificates it has signed. If you use the CA command the database is usually stored in demoCA/index.txt. If you create a second certificate with the same description, OpenSSL will give the above error. Try to modify the Sign-Request by adding a number to it or something similar. Then you should be able to sign the request and get a certificate.

Cheers,

Ralf
--
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
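Added example, not part of the original thread or of OpenSSL: a small shell script for reading the database file discussed above (demoCA/index.txt) and checking whether a subject already has a valid entry. The function names and the sample entries are made up for illustration; the script assumes the usual tab-separated index.txt layout and that only entries marked V block signing the same subject again.

```shell
#!/bin/sh
# Field layout of index.txt (tab-separated):
#   status (V/R/E), expiry, revocation date, serial, file name, subject DN

# Constructed sample entries (not from the thread): a revoked first attempt,
# its valid replacement, and an unrelated valid certificate.
make_sample_db() {
    printf 'R\t040801120000Z\t030802110000Z\t01\tunknown\t/C=GB/ST=London/O=Example/CN=roadwarrior\n'
    printf 'V\t040802120000Z\t\t02\tunknown\t/C=GB/ST=London/O=Example/CN=roadwarrior\n'
    printf 'V\t040802120000Z\t\t03\tunknown\t/C=GB/ST=London/O=Example/CN=gateway\n'
}

# ca_db_list FILE: print one readable line per certificate in the database.
ca_db_list() {
    awk -F '\t' '{
        if ($1 == "V") st = "valid"
        else if ($1 == "R") st = "revoked"
        else if ($1 == "E") st = "expired"
        else st = "status=" $1
        printf "%-8s serial=%s expires=%s subject=%s\n", st, $4, $2, $6
    }' "$1"
}

# ca_db_valid_serial FILE SUBJECT: print the serial of each valid entry whose
# subject equals SUBJECT; exit status 1 if there is none.
# Assumption: only V entries stand in the way of signing the same subject again.
ca_db_valid_serial() {
    # Pass the DN through the environment so awk does not expand backslashes in it.
    DN="$2" awk -F '\t' '
        $1 == "V" && $6 == ENVIRON["DN"] { print $4; found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Demo on the constructed data.
db=$(mktemp)
make_sample_db > "$db"
ca_db_list "$db"
if ca_db_valid_serial "$db" '/C=GB/ST=London/O=Example/CN=roadwarrior' >/dev/null; then
    echo "subject already has a valid certificate; signing it again would fail"
fi
rm -f "$db"
```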