Opened 11 years ago
Closed 8 years ago
#229 closed Bug / Defect (wontfix)
easy-rsa: failed to update database > TXT_DB error number 2
Reported by: | SiB | Owned by: | Eric Crist |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | easy-rsa | Version: | OpenVPN 2.2.2 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: |
Description
Hello,
OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Windows XP 32bit, Windows 7 32bit, Windows 7 64bit
I am trying to create certs using the included "easy-rsa"; I do everything correctly according to README.txt and the OpenVPN.org > HOWTO.
Three bat scripts create something in index.txt that generates errors.
I attach one process that shows the problem as well as I can show it.
When I follow the official HOWTO, I receive this error:
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -days 3650 -out c:\PROGRA~2\OpenVPN\easy-rsa\keys\client1.crt -in c:\PROGRA~2\OpenVPN\easy-rsa\key \client1.csr -config openssl-1.0.0.cnf
...
Certificate is to be certified until Oct 5 21:19:18 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
To solve this I must run "echo. 2>keys\index.txt" to empty the file every time I use one of these: build-key.bat, build-key-server.bat, revoke-full.bat. I understand it's not a good method - I cannot tell what problems I cause by this, so I am writing this case.
Please correct these easy-rsa scripts.
Best Regards
Marcin Przysowa
Attachments (1)
Change History (7)
Changed 11 years ago by
Attachment: | bug_gen_cert.txt added |
---|
comment:1 Changed 11 years ago by
I still think that README.txt has an error. README.txt has no WARNING that easy-rsa works correctly ONLY when you enter a DIFFERENT Common Name value for each client certificate you build (for ALL client certificates, build-key.bat).
I found not a solution but a workaround for this situation, by adding this:
echo unique_subject = no >%d%\index.txt.attr
at the end of 'clean-all.bat'.
Now clean-all.bat creates a file index.txt.attr stating that the Common Name can be repeated (not unique), and now I can work with this easy-rsa add-on.
Please add some information/warning to the README.txt file for new people who will try to generate certs from this README.txt file and will use the same CN and other entries.
Best Regards
Marcin Przysowa
comment:2 Changed 11 years ago by
I've had this error with recent versions of easy-rsa (2.2.0 works). These differ from older versions in that the following lines are included in easy-rsa/2.0/vars:
export KEY_CN=changeme
export KEY_NAME=changeme
export KEY_OU=changeme
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
Commenting these lines out leads to the old behavior, which allows you to create keys correctly with a unique CN.
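Added example, not part of the ticket and not easy-rsa or OpenSSL code: a pre-flight check for the clash described in comments 1 and 2, where a second valid certificate with the same subject (for instance every client left at CN=changeme) makes `openssl ca` stop with "TXT_DB error number 2" unless index.txt.attr sets unique_subject = no. The sample index, the DN values and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of a CA index.txt. Fields are tab-separated:
# status, expiry, revocation date, serial, file name, subject DN.
# Serials 03 and 04 can only coexist if unique_subject = no was in effect.
SAMPLE_INDEX = (
    "V\t221005211918Z\t\t01\tunknown\t/C=US/O=Example/CN=server\n"
    "R\t221005212000Z\t121008100000Z\t02\tunknown\t/C=US/O=Example/CN=client1\n"
    "V\t221005212500Z\t\t03\tunknown\t/C=US/O=Example/CN=changeme\n"
    "V\t221005213000Z\t\t04\tunknown\t/C=US/O=Example/CN=changeme\n"
)

def unique_subject_enabled(attr_text):
    """Read unique_subject from index.txt.attr content; absent means yes.
    Simplified reading: a value starting with n, f or 0 counts as 'no'."""
    for line in attr_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "unique_subject":
            return value.strip()[:1] not in ("n", "N", "f", "F", "0")
    return True

def valid_entries(index_text):
    """Yield (serial, subject) for entries still marked valid ('V').
    Revoked ('R') and expired ('E') rows do not take part in the clash."""
    for line in index_text.splitlines():
        fields = line.split("\t")
        if len(fields) == 6 and fields[0] == "V":
            yield fields[3], fields[5]

def would_clash(index_text, new_subject, attr_text=""):
    """True if signing new_subject would be refused as a duplicate."""
    if not unique_subject_enabled(attr_text):
        return False
    return any(subj == new_subject for _, subj in valid_entries(index_text))

def existing_duplicates(index_text):
    """Subjects that already hold more than one valid certificate."""
    by_subject = defaultdict(list)
    for serial, subj in valid_entries(index_text):
        by_subject[subj].append(serial)
    return {s: n for s, n in by_subject.items() if len(n) > 1}

if __name__ == "__main__":
    dn = "/C=US/O=Example/CN=changeme"
    print("clash with default attr:", would_clash(SAMPLE_INDEX, dn))
    print("clash with unique_subject = no:",
          would_clash(SAMPLE_INDEX, dn, "unique_subject = no\n"))
    print("subjects with several valid certs:", existing_duplicates(SAMPLE_INDEX))
```

With unique_subject = no the CA no longer refuses duplicates, so `existing_duplicates` is the check that shows which subjects have more than one valid certificate outstanding.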
comment:3 Changed 11 years ago by
Owner: | set to Eric Crist |
---|---|
Status: | new → assigned |
comment:4 Changed 11 years ago by
Component: | Generic / unclassified → easy-rsa |
---|
comment:5 Changed 10 years ago by
Milestone: | release 2.2.2 |
---|
There is now a new version of easy-rsa out, which AFAIK is a complete rewrite. Still, it might make sense to fix this in the easy-rsa 2.2 branch. Pekster or ecrist can have a look...
comment:6 Changed 8 years ago by
Resolution: | → wontfix |
---|---|
Status: | assigned → closed |
easy-rsa 2.x is effectively unmaintained -> closing as "wontfix". Please use easy-rsa 3.x instead:
If you absolutely want this bug fixed, please send a patch to the easy-rsa developers.
my todo to show the error.