OpenVPN Support Forum

Hello

I accidentally used build-key-pass with the same client name as I had already created key and cert files for using build-key. Presumably because the client already existed, build-key-pass failed with "TXT_DB error number 2". Now the $KEY_DIR/<client name>.crt file is empty. Trying to clean up with revoke-full generates "error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE" presumably because of the empty .crt file.

How to clean up?

The earlier client files should be available from backup.

EDIT: OpenVPN 2.1.3 running on Debian 6 Squeeze

Best

Charles

See
$KEY_DIR/index.txt
$KEY_DIR/serial
for glues. You'll figurea out what lines to delete.

Thanks Mimiko

That was quick!

I deleted all the $KEY_DIR/<client name>.* files and the client's line from $KEY_DIR/index.txt after which build-key-pass was able to create files for the client name.

I couldn't see any use for $KEY_DIR/serial in this fix ... ?

Best

Charles

The $KEY_DIR/serial file stores next index to use.

Mimiko wrote:The $KEY_DIR/serial file stores next index to use.

Thanks

If I hadn't created another client in the meantime, I could have set it back. Will there be any consequences from leaving it as-is?

This file is modified every time you create another client. So you may not worried about it content.

Thanks Mimiko Problem solved; all good.