I fixed this problem editing my openssl.cfg. In the [CA_default] section add: unique_subject = no
Note there exists an example openssl.cfg in the bin directory of your openssl install. E.g. "C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.cfg". This error may well not arise, and thereby make unnecessary the need to set "unique_subject = no", if you properly revoke the user certificate (presumably the CA database will be properly updated when you do that). So, for example, a guest at http://rt.openssl.org/Ticket/Display.html?id=502#txn-8317 suggested you might be able to ... > properly revoke them using 'openssl ca -revoke xyz.crt' I haven't verified this. But there is also the scenario when you lose the user certificate (for whatever strange reason) but need to (re)create the user certificate with the same subject (but, of course, with a different public and private key), signed by the same certificate authority. In this case setting "unique_subject = no" in openssl.cfg will be the right solution. The text file "index.attr" gets continually overwritten, so adjusting the unique_subject value there only works once (and is therefore not recommended). But thanks for the tip off from the guest in 2004 at http://rt.openssl.org/Ticket/Display.html?id=502#txn-8322. I'm on OpenSSL 1.0.2d. _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev