[openssl-dev] [openssl.org #4021] Openssl. Responding to request tracker: "#502: TXT_DB error number 2" http://rt.openssl.org/Ticket/Display.html?id=502#txn-42752

2015-09-08 Thread Emilia Käsper via RT
There doesn't seem to be an open action item for OpenSSL here, so resolving
this ticket.

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #4021] Openssl. Responding to request tracker: #502: TXT_DB error number 2 http://rt.openssl.org/Ticket/Display.html?id=502#txn-42752

2015-08-26 Thread johnny.bent...@gmail.com via RT
I fixed this problem by editing my openssl.cfg.

In the [CA_default] section add:
unique_subject  = no  

Note there exists an example openssl.cfg in the bin directory of your
openssl install. E.g. C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.cfg.

This error may well not arise, and thereby make unnecessary the need to set
unique_subject  = no, if you properly revoke the user certificate
(presumably the CA database will be properly updated when you do that). So,
for example, a guest at
http://rt.openssl.org/Ticket/Display.html?id=502#txn-8317 suggested you
might be able to ...

 properly revoke them using 'openssl ca -revoke xyz.crt'

I haven't verified this.

But there is also the scenario when you lose the user certificate (for
whatever strange reason) but need to (re)create the user certificate with
the same subject (but, of course, with a different public and private key),
signed by the same certificate authority. In this case setting
unique_subject  = no in openssl.cfg will be the right solution.

The text file index.attr gets continually overwritten, so adjusting the
unique_subject value there only works once (and is therefore not
recommended).

But thanks for the tip-off from the guest in 2004 at
http://rt.openssl.org/Ticket/Display.html?id=502#txn-8322.

I'm on OpenSSL 1.0.2d.

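Added example, not part of the thread and not OpenSSL code: a pre-issuance check that reads a CA's index.txt and the unique_subject setting from [CA_default], then reports which existing rows would collide with the subject about to be signed. It assumes the usual six-field, tab-separated index.txt layout and that only rows marked valid (V) take part in the uniqueness check; the function names and sample rows are constructed for illustration.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "status expiry revoked serial filename subject")

def parse_index(text):
    """Parse index.txt rows: six tab-separated fields per certificate."""
    entries = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) == 6:
            entries.append(Entry(*fields))
    return entries

def unique_subject(cfg_text, section="CA_default"):
    """Return the unique_subject setting of a CA section (default: yes)."""
    current = None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "unique_subject":
                return value.lower() not in ("no", "n", "false", "0")
    return True

def subject_clashes(entries, subject, unique=True):
    """Valid ('V') rows whose subject equals the one about to be issued."""
    if not unique:
        return []
    return [e for e in entries if e.status == "V" and e.subject == subject]

# Constructed sample database: one valid and one revoked certificate.
SAMPLE_INDEX = (
    "V\t250101000000Z\t\t1000\tunknown\t/C=US/O=Example/CN=alice\n"
    "R\t250101000000Z\t240601000000Z\t1001\tunknown\t/C=US/O=Example/CN=bob\n"
)
SAMPLE_CFG = "[ CA_default ]\nunique_subject  = no\n"

if __name__ == "__main__":
    db = parse_index(SAMPLE_INDEX)
    for cn in ("alice", "bob"):
        hits = subject_clashes(db, "/C=US/O=Example/CN=" + cn)
        print(cn, "would clash with serial(s):", [e.serial for e in hits])
```

Running the check before signing shows whether the old certificate should be revoked first or whether the CA really needs duplicate subjects enabled.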