Rebuild Index.txt

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
maartendq
OpenVpn Newbie
Posts: 4
Joined: Mon Mar 05, 2012 10:40 pm

Rebuild Index.txt

Post by maartendq » Tue Mar 06, 2012 7:27 am

Hi,

Our index.txt database got screwed and I had to revert to an old index.txt (With several new clients not added yet). I still have all the certificates, csr's and keys of all clients that are not yet written in the index.txt. Is there a way to add signed certificates to the index.txt or rebuild the index.txt? Is that index.txt file only used when using the crl-verify option?

maartendq
OpenVpn Newbie
Posts: 4
Joined: Mon Mar 05, 2012 10:40 pm

Re: Rebuild Index.txt

Post by maartendq » Tue Mar 06, 2012 3:50 pm

Additional question:
Can someone explain the second column in index.txt (with values like 180301135738Z)?

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Rebuild Index.txt

Post by janjust » Tue Mar 06, 2012 4:01 pm

the second column is the certificate expiration date in ASN1_TIME format. The entry '180301135738Z' means the certificate enddate is
2018, March 01 13:57:38 GMT

someone else asked the same question on the openvpn-users mailing list; I've written a little script which attempts to recreate the index.txt file. Works for several index.txt files that I could find. YMMV.

Code: Select all

#!/bin/bash

if [ $# -eq 0 ]
then
  echo "Usage: $0 *.pem"
  exit 1
fi

for cert
do

  enddate=`openssl x509 -enddate -noout -in $cert | sed 's/notAfter=//' | awk '\
    { year=$4-2000;
      months="JanFebMarAprMayJunJulAugSepOctNovDec" ; 
      month=1+index(months, $1)/3 ; 
      day=$2; 
      hour=substr($3,1,2) ; 
      minutes=substr($3,4,2); 
      seconds=substr($3,7,2); 
      printf "%02d%02d%02d%02d%02d%02dZ", year, month, day, hour, minutes, seconds}'`

  serial=`openssl x509 -serial -noout -in $cert  |sed 's/serial=//'`
  subject=`openssl x509 -subject -noout -in $cert  |sed 's/subject= //'`

  echo "V       $enddate                $serial unknown $subject"
done

maartendq
OpenVpn Newbie
Posts: 4
Joined: Mon Mar 05, 2012 10:40 pm

Re: Rebuild Index.txt

Post by maartendq » Wed Mar 07, 2012 2:34 pm

Cheers for the script, I will test it today!

maartendq
OpenVpn Newbie
Posts: 4
Joined: Mon Mar 05, 2012 10:40 pm

Re: Rebuild Index.txt

Post by maartendq » Mon Mar 12, 2012 2:14 pm

Creating the new index worked well, only problem is that you will have to change all white spaces in the index.txt by tabs, else it will give you errors when creating new certificates or revoking certs.

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Rebuild Index.txt

Post by janjust » Mon Mar 12, 2012 4:12 pm

hehe my script contains tabs, put the forum website ignores them :ugeek:

p0o0uya
OpenVpn Newbie
Posts: 6
Joined: Mon Aug 03, 2020 9:52 am

Re: Rebuild Index.txt

Post by p0o0uya » Wed Feb 01, 2023 1:38 pm

janjust wrote:
Tue Mar 06, 2012 4:01 pm
the second column is the certificate expiration date in ASN1_TIME format. The entry '180301135738Z' means the certificate enddate is
2018, March 01 13:57:38 GMT
Well very good to know that the second column gives information about expiration time of a certificate. But can we replace it by our own desired date to force a client expire sooner than the time in their certificate? I am thinking is that possible to create a certificate which is valid for 365 days and make it expire after 30 days which is possible to extend for another 30 days?

Post Reply