Revoking CA issued certificate requires CA private key. It is necessary to sign CRL. Maybe on that other machine were located your CA? Citējot *Daniel Spannbauer <d...@marco.de> [1]*: > Am 07/18/2011 08:09 PM, schrieb y...@inbox.lv: > > is that really a self signed certificate? For self signed > certificates > > names of issuer > > are the same as names of subject. In your example OU and CN > are not the > > same. > > Also, according to wikipedia, self signed certificates (root > > certificates) cannot be revoked, > > although I do not understand why. (CRL could be signed by > certificates > > own key). > > > > yes, I think its a self-signed certificate. I did this years ago > with a > HowTo for OpenVPN. I revoked a certificate 2 years ago on an other > machine.... > There the entry in index.txt lokks like this: > > R 191122112605Z 100607152858Z 0B unknown > /C=DE/ST=BY/O=xxx/OU=Ben Zuhause/CN=Ben Zuhause/Email=xxx > > Regards > > Daniel > > > > > > > > > Citējot *Daniel Spannbauer <d...@marco.de> > <mailto:d...@marco.de>*: > > > > Hello, > > > > I use self-signed certificates for my VPN. Now, I try to > revoke a crt. > > I called: openssl ca -revoke edge.crt -config vpn.conf > > But I get the error: > > "ERROR:name does not match /C=DE/ST=BY/O=xxx/OU=edge > am/CN=edge > > am/emailAddress=xxx" > > > > The header of the crt: > > Certificate: > > Data: > > Version: 3 (0x2) > > Serial Number: 8 (0x8) > > Signature Algorithm: md5WithRSAEncryption > > Issuer: C=DE, ST=BY, L=yyy, O=xxx, OU=gate tun1, CN=gate > > tun1/Email=xxx > > Validity > > Not Before: May 14 11:12:27 2010 GMT > > Not After : May 11 11:12:27 2020 GMT > > Subject: C=DE, ST=BY, O=xxx, OU=edge am, CN=edge > am/Email=xxx > > Subject Public Key Info: > > Public Key Algorithm: rsaEncryption > > RSA Public Key: (1024 bit) > > > > > > The entry in index.txt: > > V 200511111227Z 08 unknown > > /C=DE/ST=BY/O=xxx/OU=edge am/CN=edge am/Email=xxx > > > > > > In my opinion, there is no error in crt or index.txt. Can > anybody help > > me to find the error? > > > > Regards > > > > Daniel > > > > > > -- > > Daniel Spannbauer Software Entwicklung > > marco Systemanalyse und Entwicklung GmbH Tel +49 8333 > 9233-27 Fax -11 > > Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 > 4033220 > > http://www.marco.de/ Email d...@marco.de > > Geschäftsführer Martin Reuter HRB 171775 Amtsgericht > München > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org > > > > > > > -- > Daniel Spannbauer Software Entwicklung > marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 > Fax -11 > Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 > http://www.marco.de/ Email d...@marco.de > Geschäftsführer Martin Reuter HRB 171775 Amtsgericht > München > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > openssl-users@openssl.org > Automated List Manager > majord...@openssl.org
Links: ------ [1] mailto:d...@marco.de
