Hi Peter,

I tested out the latest nightly build and everything worked fine except for one small hiccup.

The fix for creating the IPSec root/host certificate set still gave the same error when first attempted but then created it if the attempt was directly made again.

Turns out the addition of unique_subject = yes to /var/ipfire/certs/index.txt.attr is only done in the vpnmain.cgi after the root/host creation was attempted the first time.

The patch below ensures that the index.txt.attr file has the unique_subject = yes entry the first time the root/host certificate set creation is attempted.

Apart from the above, all the other things I was able to test in IPSec and OpenVPN worked with that latest nightly.

Regards,

Adolf.

On 06/06/2023 12:40, Adolf Belka wrote:
> - The fix applied in vpnmain.cgi only adds the unique_subject = yes to the index.txt.attr
> file after the first time that the root/host certificates are attempted to be created.
> - Without this line in update.sh, the first attempt to create the root/host certificate set
> will still have the original error code. If the creation is attempted again then it will
> work because the unique_subject = yes will have then been added into the file.
> - This patch ensures that the first attempt to create a root/host certificate set in CU175
> will work.
> - Confirmed on vm testbed with freshly updated CU175.
>
> Fixes: Bug#13138
> Tested-by: Adolf Belka
> Signed-off-by: Adolf Belka
> --- > config/rootfiles/core/175/update.sh | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/config/rootfiles/core/175/update.sh b/config/rootfiles/core/175/update.sh > index 82676bc72..f1c6873c1 100644 > --- a/config/rootfiles/core/175/update.sh > +++ b/config/rootfiles/core/175/update.sh 
> @@ -191,6 +191,9 @@ if [ -s /var/ipfire/ovpn/ovpnconfig ]; then > done > fi > > +## Add unique_subject = yes to vpn index.txt.attr file > +echo "unique_subject = yes" > /var/ipfire/certs/index.txt.attr > + > # This update needs a reboot... > touch /var/run/need_reboot >
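Review bot: The added echo line redirects with a single ">", so it truncates /var/ipfire/certs/index.txt.attr and replaces whatever the file held before the update. If the intent is only to guarantee that the unique_subject = yes entry is present, consider writing it only when the file lacks that entry, or extend the "## Add unique_subject = yes" comment to say that the overwrite is deliberate. Since the commit message says vpnmain.cgi also adds this entry to the same file, it is worth confirming that a file newly created by update.sh ends up with the ownership and mode the CGI needs to keep updating it.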