openssl cert nightmare
For our internal VPN solution, we use a system called openswan, which pulls its certs from openssl. I've inherited this system from the previous admin, and am now trying to generate certs. I seem to have corrupted the database, and need to get back to good. Here's what happens:
- creating a new request (/usr/share/ssl/misc/CA -newreq) completes just fine.
- when I attempt to sign the new cert I get this:
Code:
[root@server misc]# /usr/share/ssl/misc/CA -sign
Using configuration from /usr/share/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
ERROR:Serial number 01 has already been issued,
check the database/serial_file for corruption
The matching entry has the following details
Type          :Valid
Expires on    :150523024719Z
Serial Number :01
File name     :unknown
Subject Name  :/C=US/ST=Virginia/L=Sterling/O=company, Inc./OU=Information Security/CN=RTI/emailAddress=user@company
Signed certificate is in newcert.pem
[root@server misc]#
and my /usr/share/ssl/misc/demoCA/serial file only has "01" in it. I'm not sure what happened, but it sounds like the system didn't increment the serial like it should have.
Any ideas?
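A consistency check a CA operator can run before signing, added here as an example and not part of the original post: it compares the openssl `ca` database (demoCA/index.txt, tab-separated as status, expiry, revocation date, serial, filename, subject) against the serial file, which must hold the next serial to issue rather than one already recorded. The CA directory and its two entries below are constructed sample data, not the poster's.

```shell
#!/bin/sh
# Check an openssl "ca" database against its serial file. openssl refuses to
# sign when the value in the serial file already appears in index.txt, which
# is the "Serial number ... has already been issued" error.

# Constructed sample CA directory (not real data): serial file says 01, but
# index.txt already records serials 01 and 02.
CA_DIR="$(mktemp -d)"
printf '01\n' > "$CA_DIR/serial"
printf 'V\t150523024719Z\t\t01\tunknown\t/C=US/ST=Virginia/O=Example/CN=RTI\n' > "$CA_DIR/index.txt"
printf 'V\t150523024719Z\t\t02\tunknown\t/C=US/ST=Virginia/O=Example/CN=gw\n' >> "$CA_DIR/index.txt"

# Print every serial recorded in index.txt (field 4), one per line, upper-case hex.
issued_serials() {
    awk -F'\t' '{ print toupper($4) }' "$1/index.txt"
}

# Return 0 when the serial file's value has not been issued yet, 1 otherwise.
serial_file_is_consistent() {
    next="$(tr -d ' \n\r' < "$1/serial" | tr 'a-f' 'A-F')"
    if issued_serials "$1" | grep -qx "$next"; then
        return 1
    fi
    return 0
}

# Print the lowest serial above every serial in index.txt, as even-width hex
# the way openssl writes the serial file.
next_free_serial() {
    max=0
    for s in $(issued_serials "$1"); do
        n=$((0x$s))
        [ "$n" -gt "$max" ] && max=$n
    done
    printf '%02X\n' $((max + 1))
}

if serial_file_is_consistent "$CA_DIR"; then
    echo "serial file is consistent with index.txt"
else
    echo "serial file value already issued; next free serial is $(next_free_serial "$CA_DIR")"
fi
```

Run it against the real demoCA directory by pointing CA_DIR at it instead of the constructed one; fix the serial file only after confirming index.txt itself is intact.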