Today, I attempted to revoke-renewed those certs which failed, although I was able to revoke them manually with openssl.
I then tried to renew some expired certs and get:
The same error occurs if i create new CSRs and attempt to sign-req (whether client or server)Easy-RSA error:
sign_req - Randomize Serial number failed:
Using configuration from /home/norm/easy-rsa/pki/openssl-easyrsa.cnf
easyrsa_openssl - Command has failed:
* openssl ca -status 3b11ea....
I installed haveged (entropy generator) although it seems entropy problems are unlikely these days; it didn't make a difference.
I tried a script to rebuild index.txt; no difference.
If I manually set up the environment variables, and run
Code: Select all
openssl ca -config ./openssl-easyrsa.cnf -status (serialnumber)
Please can anyone help?