[openssl-dev] [openssl.org #4021] Openssl. Responding to request tracker: "#502: TXT_DB error number 2" http://rt.openssl.org/Ticket/Display.html?id=502#txn-42752

johnny.bentley@gmail.com via RT rt at openssl.org
Wed Aug 26 10:42:12 UTC 2015


I fixed this problem editing my openssl.cfg.

In the [CA_default] section add:
unique_subject  = no  

Note there exists an example openssl.cfg in the bin directory of your
openssl install. E.g.
"C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.cfg".

This error may well not arise, and thereby make unnecessary the need to set
"unique_subject  = no", if you properly revoke the user certificate
(presumably the CA database will be properly updated when you do that). So,
for example, a guest at
http://rt.openssl.org/Ticket/Display.html?id=502#txn-8317 suggested you
might be able to ...

> properly revoke them using 'openssl ca -revoke xyz.crt'

I haven't verified this.

But there is also the scenario when you lose the user certificate (for
whatever strange reason) but need to (re)create the user certificate with
the same subject (but, of course, with a different public and private key),
signed by the same certificate authority. In this case setting
"unique_subject  = no" in openssl.cfg will be the right solution.

The text file "index.attr" gets continually overwritten, so adjusting the
unique_subject value there only works once (and is therefore not
recommended).

But thanks for the tip off from the guest in 2004 at
http://rt.openssl.org/Ticket/Display.html?id=502#txn-8322.

I'm on OpenSSL 1.0.2d.

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
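
An added example, not part of the original message and not OpenSSL's own code: a pre-flight check that reads the CA database (index.txt, six tab-separated fields per line) and reports which still-valid entries already carry a subject, which is the condition that makes "openssl ca" stop with "TXT_DB error number 2" while unique_subject is in effect. Only entries with status V count toward the subject check, so a revoked entry does not block re-issuing. The function names and the sample database are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Entry:
    status: str   # V = valid, R = revoked, E = expired
    expires: str  # YYMMDDHHMMSSZ
    revoked: str  # empty unless status is R
    serial: str   # hex serial number
    subject: str  # subject DN in /C=.../CN=... form


def parse_index(text):
    """Parse index.txt content into Entry records."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split("\t")
        if len(f) != 6:
            raise ValueError(f"malformed index line: {line!r}")
        # f[4] is the certificate file name field (usually "unknown")
        entries.append(Entry(f[0], f[1], f[2], f[3], f[5]))
    return entries


def subject_clashes(entries, subject, unique_subject=True):
    """Serials of valid entries that would block signing `subject` again."""
    if not unique_subject:
        return []  # duplicates are allowed, nothing can clash on subject
    return [e.serial for e in entries
            if e.status == "V" and e.subject == subject]


# Constructed sample database: alice is still valid, bob was revoked.
SAMPLE_INDEX = (
    "V\t250826104212Z\t\t1000\tunknown\t/C=AU/O=Example/CN=alice\n"
    "R\t250826104212Z\t150901120000Z\t1001\tunknown\t/C=AU/O=Example/CN=bob\n"
)

if __name__ == "__main__":
    db = parse_index(SAMPLE_INDEX)
    for cn in ("alice", "bob", "carol"):
        subj = f"/C=AU/O=Example/CN={cn}"
        print(cn, subject_clashes(db, subj) or "ok to sign")
```

Running a check like this before signing shows whether the old certificate needs revoking first or whether unique_subject = no is required for the re-issue.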