OpenSSL OCSP错误

时间:2015-06-29 15:51:11

标签: openssl ocsp

我设置了一个OpenSSL OCSP-Responder,当我尝试验证证书时出现此错误:

    Waiting for OCSP client connections...
error creating serial number index:(2,5,6)
139796227208864:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:335:group= name=unique_subject

index.txt如下所示:

V   20250623124428Z "empty" 71  unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=H4WRSUoHQ9@pqr36g64vq.bRC
V   20250623124434Z "empty" C9  unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=fyONRGqOUF@iOYo0FAcqM.6vv
R   20250623173301Z 150626174629Z   3   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
V   20250623124441Z "empty" DA  unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=fOvgwBKA1j@otFD0az5UD.QaH
V   20250623124447Z "empty" 81  unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=reeU9ujiyu@TuloIkdQCU.H23
R   20250623173250Z 150626174629Z   1   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
V   20250623151856Z "empty" 1   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=vH4cs0tQn4@oSePgFcxth.Uet
V   20250623155859Z "empty" 1   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=HX2arrilSc@EiZyCuEOA1.QbO
R   20250623173255Z 150626174629Z   2   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
R   20250623155941Z 150626172924Z   1   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=Rk6jJcfB55@GKgPJtrwaY.QDn
V   20250623172650Z "empty" 1   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=tmKbm8fwq7@48ZfE0tlRr.5Mw
V   20250623172656Z "empty" 1   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=ApN2299vvY@EmM17oqADj.476
R   20250623173356Z 150626174629Z   4   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
R   20250623173423Z 150626174629Z   5   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
R   20250623173426Z 150626174629Z   6   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
R   20250623173428Z 150626174629Z   7   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
R   20250623173430Z 150626174629Z   8   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
R   20250623173432Z 150626174629Z   9   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
R   20250623173434Z 150626174629Z   A   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
R   20250623173436Z 150626174629Z   B   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
R   20250623174556Z 150626174629Z   C   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de
V   20250623174629Z "empty" D   unknown /C=DE/ST=NRW/L=Minden/O=FH Bielefeld/OU=Technik/CN=****@****.de

(*仅用于匿名化)

存在一个串行文件以及正确的证书。我这样称呼OCSP:

openssl ocsp -index /opt/pki/ca/index.txt -port 8888 -rsigner /opt/pki/va/va-cert.crt -rkey /opt/pki/va/va-key.pem -CA /opt/pki/ca/ca-cert.pem -text

有人知道错误并可以帮助我吗?

谢谢

1 个答案:

答案 0 :(得分:0)

我找到了解决方案。 OCSP无法处理多个相等的ID(第4列)。