OpenSSL Error 256 when adding a new N2N

Hi,

When I try to add a new N2N VPN connection, I get an error 256 from OpenSSL.
The file /var/log/httpd/error_log has this error:

commonName :PRINTABLE:‘VPNGATE’
ERROR:Serial number 0E has already been issued,
check the database/serial_file for corruption
The matching entry has the following details
Type :Revoked
Was revoked on:290204231155Z
Expires on :290204231155Z
Serial Number :0E
File name :unknown
Subject Name :/C=AF/O=trudel.trex-tec.de/CN=INGSRV1

Encryption is AES-CBC and hash is SHA2 512 bit.

I checked Google and the community but I can't find any solution.
Can you please give me some information on how I can handle this problem?

Thx

Matze

Hi, below you have a link that may help:

edit

Also look in the index.txt file.

The path to the above files in IPFire:
/var/ipfire/ovpn/certs/

edit2

Below are the contents of the files in the new system

Below are the contents of the files after generating root/host certificates.

Below are the contents of the files after adding the N2N test connection.

edit3
Completion of information about index.txt file

The index.txt file is an ascii file consisting of 6 (not 4) tab-separated
fields. Some of those fields may be empty and might appear not to exist at
all.

The 6 fields are:

  1. Entry type. May be “V” (valid), “R” (revoked) or “E” (expired).
    Note that an expired entry may have the type “V” because the type has
    not been updated. ‘openssl ca updatedb’ does such an update.
  2. Expiration datetime.
  3. Revocation datetime. This is set for any entry of the type “R”.
  4. Serial number.
  5. File name of the certificate. This doesn’t seem to be used,
    ever, so it’s always “unknown”.
  6. Certificate subject name.

Date and time format

yymmddHHMMSSZ (Z = Zulu = UTC)

Information source

1 Like
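Added example (not part of the thread and not IPFire's own code): a check of the `serial` file against `index.txt` using the six-field format described above, which reports the entry that already uses the pending serial, as in the error log. The sample data is constructed, and suggesting "highest issued serial + 1" as the next unused value is an assumption of this example.

```python
from typing import NamedTuple, Optional

class IndexEntry(NamedTuple):
    status: str    # "V" valid, "R" revoked, "E" expired
    expires: str   # yymmddHHMMSSZ
    revoked: str   # empty unless status is "R"
    serial: int    # stored as hex in the file
    filename: str  # normally "unknown"
    subject: str

def parse_index(text: str) -> list[IndexEntry]:
    """Parse index.txt content: six tab-separated fields per line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6 or fields[0] not in ("V", "R", "E"):
            raise ValueError(f"index.txt line {lineno} is malformed: {line!r}")
        status, expires, revoked, serial, filename, subject = fields
        entries.append(IndexEntry(status, expires, revoked, int(serial, 16), filename, subject))
    return entries

def check_serial(index_text: str, serial_text: str) -> tuple[Optional[IndexEntry], str]:
    """Return (entry already using the pending serial, or None; next unused serial in hex)."""
    entries = parse_index(index_text)
    pending = int(serial_text.strip(), 16)  # value the CA would assign next
    clash = next((e for e in entries if e.serial == pending), None)
    highest = max((e.serial for e in entries), default=0)
    free = format(max(pending, highest + 1), "X")  # assumption: highest + 1 is safe
    return clash, free.zfill(len(free) + len(free) % 2)  # even digit count, e.g. "0F"

# Constructed sample data; only the revoked entry mirrors the log in the first post.
SAMPLE_INDEX = "\n".join([
    "V\t290101120000Z\t\t0C\tunknown\t/C=XX/O=example.invalid/CN=HOST1",
    "V\t290102120000Z\t\t0D\tunknown\t/C=XX/O=example.invalid/CN=HOST2",
    "R\t290204231155Z\t290204231155Z\t0E\tunknown\t/C=AF/O=trudel.trex-tec.de/CN=INGSRV1",
]) + "\n"
SAMPLE_SERIAL = "0E\n"  # constructed content of the serial file

if __name__ == "__main__":
    clash, free = check_serial(SAMPLE_INDEX, SAMPLE_SERIAL)
    if clash:
        print(f"serial {SAMPLE_SERIAL.strip()} already issued: type {clash.status}, {clash.subject}")
    print(f"next unused serial: {free}")
```

To run it against a real system, pass the contents of `index.txt` and `serial` from /var/ipfire/ovpn/certs/ to `check_serial` instead of the sample strings.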

Okay, I have the entry 0E in /var/ipfire/ovpn/certs/serial.
But what is the correct value?

Okay, I have solved it by adding the correct serial number in hex to this file.

Thank you for your help :slight_smile:

2 Likes

Hi,

Oh, good grief, that should not be necessary. Is this reproducible?

If so, could you please file a bug so this won’t get lost and we can fix it?

Thanks, and best regards,
Peter Müller