Hi, Arnaud ...
On Thu, 31 Aug 2000, Arnaud De Timmerman wrote:
> I'm using the "ca" utility. If I try to give the same DN twice I get :
> ****************
> ERROR:There is already a certificate for...........
> The matching entry has the following details
> Type :Valid
> Expires on :010114104924Z
> Serial Number :01
> File name :unknown
> Subject Name :/C=...........
> ****************
> The exist status is 1.
>
> The "-out" file I gave to the command line is created, but it's empty.
>
> Is there a way to fill this "-out" file with the content of the well done
> previous certificate (with the same DN) ?
the reason for your problem is that the CA keeps track of all certificates
it issues and prevents you from producing more than one certificate for
the same input data (user).
the information about the already produced certificates is stored in the
CA. the CA consists of some files which are named in the config file in
the chapter titled `[ CA_default ]'.
there is just one general way to solve your problem (AFAIK): make the CA
believe that it hasn't already issued a certificate for your input. you
could do this by setting up a whole new CA with just the same private key,
or by manipulating the data the CA has stored in these files. i suggest
to make backups before you start trying ;-)
but maybe your problem is solved earlier (if i understand it right that
you just lost your certificate), because it seems to me that the CA stores
all issued certificates in the directory named at the key `new_certs_dir'.
this is not necessarily ./newcerts/, which you already mentioned. it
depends on your config.
Alfe
____ ________
/___/ /___/___ http://www.alfe.de, [EMAIL PROTECTED], Alfe @ TubMud
/___/___/___/___ Alexander Fetke, Bruno-Taut-Ring 5b, 12359 Berlin
/ /___/ /___ +49 173 6073521, +49 30 60109906, +49 30 44340358
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
