Set "unique_subject = no" to allow renewing expired certificates.

Without this, openssl throws an error when creating a second req for the same subject which leads to ikectl deleting the old cert without creating a new one. Reported by Ryan Kavanagh in openiked-portable here: #125 discussed with tb@ ok patrick@
openiked · Nov 17, 2023 · 6a36fe8 · 6a36fe8
1 parent a56a2d1
commit 6a36fe8
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/ikectl/ikeca.cnf b/ikectl/ikeca.cnf
@@ -1,4 +1,4 @@
-# $OpenBSD: ikeca.cnf,v 1.9 2017/01/31 21:35:07 sthen Exp $
+# $OpenBSD: ikeca.cnf,v 1.10 2023/11/17 14:43:36 tobhe Exp $
 
 CERT_C			= DE
 CERT_ST			= Lower Saxony
@@ -104,6 +104,6 @@ serial				= $ENV::CASERIAL
 default_md			= sha256
 default_days			= 365
 default_crl_days		= 365
-unique_subject			= yes
+unique_subject			= no
 email_in_dn			= yes
 policy				= CA_sign_policy