Linux – Removing an OpenVPN Client Cert

Tags: linux, openvpn, vpn

I've added an OpenVPN client using OpenVPN's /etc/openvpn/easy-rsa/2.0/build-key-pass script. However, I entered a typo in the person's name field, so I'd like to regenerate it. However, when I re-ran the script, it seemed to run correctly until the end, when it terminated with the error:

failed to update database
TXT_DB error number 2

Googling shows this error is rarely encountered, but in one reported case, a suggested solution was to run openssl ca -revoke <username>.crt.

However, when I try this, I get:

Using configuration from /etc/pki/tls/openssl.cnf
Error opening CA private key /etc/pki/CA/private/cakey.pem
1403244616130376:error:02001002:system library:fopen:No such file or directory:bss_file.c:392:fopen('/etc/pki/CA/private/cakey.pem','r')
1403244616130376:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:394:
unable to load CA private key

So now I'm trying to simply remove my previous crt and start over. How do I do this? I tried manually deleting the *.crt, *.csr, and *.key files generated, but re-running build-key-pass gives me the same db error. What's the best way to resolve this?

Best Answer

Just put it on the CRL list and create a new cert.
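
TXT_DB error number 2 is an index clash in the CA database: the old entry for the same subject is still marked valid, and deleting the .crt, .csr and .key files does not change that. As an added example (not part of the original question or answer), this script lists the entries in an index.txt that are still valid for a given common name; the sample database, names and serials are constructed, and the column layout assumed is the tab-separated one OpenSSL's ca command writes.

```shell
#!/bin/sh
# Added example: find CA database entries still marked valid ("V") for a CN.
# index.txt columns (tab-separated):
#   status  expiry  revocation-date  serial  filename  subject
# OpenSSL compares the full subject string; matching on CN here is a
# convenient way to find the candidate entries.
valid_serials_for_cn() {
    # $1 = path to index.txt, $2 = common name to look for
    awk -F'\t' -v cn="$2" '
        $1 == "V" {
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++)
                if (rdn[i] == "CN=" cn) { print $4; break }
        }' "$1"
}

# Constructed sample database (all names and serials are made up).
make_sample_index() {
    printf 'V\t240101000000Z\t\t01\tunknown\t/C=US/O=Example/CN=server\n'
    printf 'R\t240101000000Z\t140601000000Z\t02\tunknown\t/C=US/O=Example/CN=alice\n'
    printf 'V\t240101000000Z\t\t03\tunknown\t/C=US/O=Example/CN=alice\n'
    printf 'V\t240101000000Z\t\t04\tunknown\t/C=US/O=Example/CN=alice2\n'
}

demo() {
    tmp=$(mktemp)
    make_sample_index > "$tmp"
    for cn in alice bob; do
        serials=$(valid_serials_for_cn "$tmp" "$cn")
        if [ -n "$serials" ]; then
            echo "$cn: still valid (serial $serials); revoke before re-issuing"
        else
            echo "$cn: no valid entry; a new certificate will not clash"
        fi
    done
    rm -f "$tmp"
}

demo
```

In easy-rsa 2.0 the revocation itself is done with the revoke-full script after sourcing vars, which marks the entry "R" and writes crl.pem into the keys directory. The OpenVPN server only rejects the old certificate if its configuration has a crl-verify line pointing at that file.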