diff --git a/ChangeLog b/ChangeLog
index 2790f2c9..a07abecc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 Easy-RSA 3 ChangeLog
 
+3.2.2 (TBD)
+
+   * Remove redundant file index.txt.attr (da3c249) (#1233)
+
 3.2.1 (2024-09-13)
 
    * inline: Add decimal value for cert. serial (Linux Only) (b33038e) (#1222)
diff --git a/dev/easyrsa-tools.lib b/dev/easyrsa-tools.lib
index ba3e2e37..cf8b62b8 100644
--- a/dev/easyrsa-tools.lib
+++ b/dev/easyrsa-tools.lib
@@ -692,10 +692,6 @@ Run easyrsa without commands for usage and command help."
 	creds_in="$in_dir/${file_name_base}.creds"
 	inline_in="$in_dir/inline/${file_name_base}.inline"
 
-	# Upgrade CA index.txt.attr - unique_subject = no
-	print 'unique_subject = no' > "$EASYRSA_PKI/index.txt.attr" || \
-		die "Failed to upgrade CA to support renewal."
-
 	# deprecate ALL options
 	while [ "$1" ]; do
 		case "$1" in
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index f39f270e..b504a375 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -954,6 +954,12 @@ cleanup() {
 		print; cat "$easyrsa_err_log"; print
 	fi
 
+	# Remove redundant file: index.txt.attr
+	if [ -f "$EASYRSA_PKI"/index.txt.attr ]; then
+		rm -f "$EASYRSA_PKI"/index.txt.attr
+		verbose "cleanup: DELETED $EASYRSA_PKI/index.txt.attr"
+	fi
+
 	# undo changes BEFORE delete temp-dir
 	# Remove files when build_full()->sign_req() is interrupted
 	[ "$error_build_full_cleanup" ] && \
@@ -1307,9 +1313,7 @@ Run easyrsa without commands for usage and command help."
 	# Verify expected files are present.
 	# Allow files to be regular files (or symlinks),
 	# but also pipes, for flexibility with ca.key
-	for i in ca.crt private/ca.key \
-			index.txt index.txt.attr serial
-	do
+	for i in ca.crt private/ca.key index.txt serial; do
 		if [ ! -f "$EASYRSA_PKI/$i" ] && \
 			[ ! -p "$EASYRSA_PKI/$i" ]
 		then
@@ -1671,8 +1675,6 @@ Unable to create necessary PKI files (permissions?)"
 	# create necessary files:
 	printf "" > \
 		"$EASYRSA_PKI/index.txt" || die "$err_msg"
-	printf '%s\n' 'unique_subject = no' \
-		> "$EASYRSA_PKI/index.txt.attr" || die "$err_msg"
 	printf '%s\n' "01" \
 		> "$EASYRSA_PKI/serial" || die "$err_msg"
 	unset -v err_msg