Am 07/18/2011 08:09 PM, schrieb y...@inbox.lv: > is that really a self signed certificate? For self signed certificates > names of issuer > are the same as names of subject. In your example OU and CN are not the > same. > Also, according to wikipedia, self signed certificates (root > certificates) cannot be revoked, > although I do not understand why. (CRL could be signed by certificates > own key). >
yes, I think its a self-signed certificate. I did this years ago with a HowTo for OpenVPN. I revoked a certificate 2 years ago on an other machine.... There the entry in index.txt lokks like this: R 191122112605Z 100607152858Z 0B unknown /C=DE/ST=BY/O=xxx/OU=Ben Zuhause/CN=Ben Zuhause/Email=xxx Regards Daniel > > > Citējot *Daniel Spannbauer <d...@marco.de> <mailto:d...@marco.de>*: > > Hello, > > I use self-signed certificates for my VPN. Now, I try to revoke a crt. > I called: openssl ca -revoke edge.crt -config vpn.conf > But I get the error: > "ERROR:name does not match /C=DE/ST=BY/O=xxx/OU=edge am/CN=edge > am/emailAddress=xxx" > > The header of the crt: > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 8 (0x8) > Signature Algorithm: md5WithRSAEncryption > Issuer: C=DE, ST=BY, L=yyy, O=xxx, OU=gate tun1, CN=gate > tun1/Email=xxx > Validity > Not Before: May 14 11:12:27 2010 GMT > Not After : May 11 11:12:27 2020 GMT > Subject: C=DE, ST=BY, O=xxx, OU=edge am, CN=edge am/Email=xxx > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > > > The entry in index.txt: > V 200511111227Z 08 unknown > /C=DE/ST=BY/O=xxx/OU=edge am/CN=edge am/Email=xxx > > > In my opinion, there is no error in crt or index.txt. Can anybody help > me to find the error? > > Regards > > Daniel > > > -- > Daniel Spannbauer Software Entwicklung > marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 > Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 > http://www.marco.de/ Email d...@marco.de > Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- Daniel Spannbauer Software Entwicklung marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 Fax -11 Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 http://www.marco.de/ Email d...@marco.de Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
