Hi Daniel,
I think the serial number format is wrong.
So I invite you to start at the begining.
Check your index file, default install in /usr/local/ssl/index.
The index file is the database of your certified certificates.
Check your serial file, default install /usr/local/ssl/serial,
The serial file is the incrementation number of certified certificate.
clear both of this files and write in the serial file the number "00"
With that I think you could create 100 certified certificates. If you
put "000" perhaps you could create 1000 certified certificates!
Redo your Root Certificate, and then the user/server/etc. certificate
For each certified certificate the serial number must increase (+1) and
The index file must register each of them.
Hope to be helpful
Ciao!
Daniel Suen wrote:
>
> Hi all,
>
> When I do a sign operation, I get the error:
>
> entry 1: bad serial number length (1)
>
> What does this mean? My command is,
>
> openssl ca -in my-certreq.pem
>
> The error occurs right after I completed the CA's passphase. I could sign
> one certificate without problem, but this is the second one I want to sign,
> and I get stucked with this error. I am using openssl that comes with RH
> 7.1, the version of which should be 0.9.6-03.
>
> Any ideas are deeply appreciated.
>
> -Daniel.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
#----------------------------------------------------------------------
# Averroes A. Aysha http://www.keyserver.net/en/
# Think Linux, Think Slackware!
# Network Security Auditor (NSA)
# [EMAIL PROTECTED]
# Fingerprint = 73B7 2559 2968 5094 3B95 5C70 4E85 5F94 6068 1DD8
#----------------------------------------------------------------------
S/MIME Cryptographic Signature
