RE: [Openvpn-users] Error generating certs

["Tibbs, Richard" <rwtibbs@xxxxxxxxxxx>]

See my post for suggested update to openvpn howto.
Essentially you have to use a different "common name" (sometimes called
distinguished name, DN) for each of home and office.
Just use a different email address when prompted for the common name.
(I was prompted for an email address in addition to the common name, and
entered the same one. I think that is optional in openssl.cnf)

Rick

-----Original Message-----
From: Michael Perry [mailto:meperry@xxxxxxxxx] 
Sent: Tuesday, February 01, 2005 11:49 AM
To: Tibbs, Richard
Subject: Re: [Openvpn-users] Error generating certs

On Sun, 30 Jan 2005 15:52:44 -0500, Tibbs, Richard <rwtibbs@xxxxxxxxxxx>
wrote:
> 
> 
> Dear list,
> Using the openvpn how-to, section 8, Build RSA Certificates and keys,
> I generated the cakey and crt,
> generated the office key and crt,
> but when generating the home key and cert, when I enterd the command
> 
> openssl ca -out home.crt -in home.csr,
> 
> I was promted to sign the cert, said y, then got this error message:
> 
> failed to update database
> TXT_DB error number 2
> 
> What is going on here?
> 
> TIA,
> Rick.
> 

Richard-

Did you ever get this solved?  I had the same thing happen here on a
debian system and I ended up having to recreate the serial file and
reseed it and do a new index file.  I then edited openssl.cnf and
changed the names to make things work.  With the instructions on the
website, I could not generate a second cert and had the same error you
received.


-- 
Michael Perry
meperry@xxxxxxxxx


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users