Stephen Henson via RT wrote:
> [[EMAIL PROTECTED] - Mon Aug 26 10:33:29 2002]:
>
>> I found the solution: I just commented out the lines 675-676 in
>> apps/ca.c - now everything works as expected.
>
> Since this just disables the check it isn't a good idea.

It is not disabled - some other check then tells me what went wrong when I force an error by editing the serial file. This error message (which I don't remember) was far better than that simple 'bad serial number length' which does not mean more than 'ouch' to me. ;-)

> The error message suggested that index.txt has somehow had an invalid
> serial number written to it. What does your index.txt and your serial
> file look like when you get this message?

This is what I did after 'make install':

    cd /usr/local/ssl
    mkdir rootCA
    [edited openssl.cnf and adjusted the paths accordingly]
    cd rootCA
    touch index.txt
    [edited serial and inserted one line containing '00']

So index.txt was a zero byte file, serial contains '00'. Then I created the CA and the 1st server cert w/o problems. The 2nd cert signing fails then.

BTW, it would be great if 'make install' would set up the demoCA directory with proper index.txt and serial (AFAIK this was the case for older versions).

Olaf