Crashes when generating certificate

Karl Denninger karl at denninger.net
Mon May 13 22:32:07 UTC 2019 

On 5/13/2019 16:44, Christopher R wrote:
> So I'm trying to create a certificate for a new user on my domain.
> Created the certificate... got everything set up... went to use it and
> the email is completely wrong.  Oops.  Missed it when I updated the
> configuration file, and,unfortunately, its necessary, because login
> depends on the email associated with the certificate.
>
> Ok, take 2.  Delete everything.  Delete the certificates, the request,
> all of it for that new user.  Correct the config file and try again.
> Gets to the end and throws TXT_DB Error number 2.  Look it up and its
> because a certificate with that common name is already in the
> database.  Someone recommends editing that certificate out of the
> database, so I pull up the index file, find the line for the incorrect
> certificate, and delete it.
>
> Cool.  Take 3.  Generates the key and the request.  Try generating the
> certificate... it asks for a password and then does... nothing.  Kicks
> directly to command prompt.  No error.  No lines of text.  No
> questions.  Nothing created.  Password->command prompt.  What is going
> on here and how do I fix this?
>
> All I want is whatever remnants of that incorrect certificate removed,
> where ever they are, and a correct certificate created.

Not sure what you have left, but probably in the certs directory.

In the future REVOKE the one with the bad information, and you can then
create a new one under the same common name.  Since the index file is a
flat file you can edit it, but you also have to make sure the other
places it references are also updated or the software can get confused. 
The better choice when an error is made is to revoke the bad cert, which
prevents this from happen.

-- 
Karl Denninger
karl at denninger.net <mailto:karl at denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190513/2818c46b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4897 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190513/2818c46b/attachment.bin>

More information about the openssl-users mailing list