On Fri, Apr 28, 2006, Martin Mller wrote: > --snip-- > >> > >>So, where is the DB? I cant find one in the subdirectories unter > >>/usr/lib/ssl/ . The files which are in there, are completly empty and > >>they dont get a new modificationdate. > >> > >> > > > >Should be a file called index.text under demoCA but if openssl.cnf has been > >modified from the OpenSSL default it could be elsewhere. > > > Ok, I have the index.txt-file. It contains the status of the certs > (V/R), the serialnr und so on. The openssl.cnf is modfied by me, the > only change a made was that the "dir"-var points to /usr/lib/ssl/. > > Is it right, that the index.txt the same is as ca.crl? > >
No, a CRL is generated from index.txt but the formats are completely different. > --snip--- > >The file newca.crl is created, but whats about the crlnumber? > > > >What is in the crlnumber file? > > > > Nothing. The file is completly empty. The filesize is 0 > > >Seems like there is a bug in the CA.pl script which doesn't automatically > >create it. > > > >The file should contain an even number of hex digits. If a CRL has never > >been > >issued before it should contain 01. > > But when I create it and write 01 in the file, the error about the > missing crlnumber is gone. When I revoke a cert, the file inst changed! > > It should change when you generate a CRL,it indicates the number the next CRL will use. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
