On 08/29/2017 07:24 PM, Dr. Stephen Henson wrote:
On Tue, Aug 29, 2017, Robert Moskowitz wrote:

I started out making certs from csrs with:

    openssl ca -config $dir/openssl-intermediate.cnf -extensions usr_cert \
        -days 375 -notext -md sha256 \
        -in $dir/csr/$clientemail.csr.$format \
        -out $dir/certs/$clientemail.cert.$format

And that worked well enough, but I found some limitations (DER) with
it and switched to:


    openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\
        -extensions usr_cert -sha256\
        -set_serial 0x$(openssl rand -hex $sn)\
        -inform $format -in $dir/csr/$clientemail.csr.$format\
        -outform $format -out $dir/certs/$clientemail.cert.$format\
        -CAkeyform $format -CAkey $dir/private/intermediate.key.$format\
        -CAform $format -CA $dir/certs/intermediate.cert.$format

I just noticed that this format does not update the index.txt file.
Why?  What do I need to add so it does?

Unlike ca, the index.txt file is not used by the x509 utility at all; it also
only uses the configuration file for extensions.

This, and what Viktor said, is 'waking me up to' the fact that req is NOT a solution.

Back to ca.

thanks
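
The behaviour discussed in this thread can be checked with the script below. It is an added example, not part of the original messages: it signs one CSR with `x509 -req` and then with `ca`, and reports the number of `index.txt` entries after each step. It assumes `openssl` is on the PATH; the temporary CA, the config file and all subject names are constructed for the demonstration.

```shell
# Added example: throwaway CA in a temp directory; every name here is constructed.
index_entries_after_signing() {
    d=$(mktemp -d) || return 1
    mkdir "$d/newcerts" && : > "$d/index.txt" && echo 1000 > "$d/serial" || return 1
    cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
default_md = sha256
default_days = 375
unique_subject = no
policy = policy_any
[ policy_any ]
commonName = supplied
[ usr_cert ]
basicConstraints = CA:FALSE
EOF
    # Self-signed test CA and one client CSR.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
        -subj "/CN=Constructed Test CA" -keyout "$d/ca.key" -out "$d/ca.crt" >/dev/null 2>&1 || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=user@example.test" -keyout "$d/u.key" -out "$d/u.csr" >/dev/null 2>&1 || return 1
    # Path 1: x509 -req reads the config only for extensions; index.txt is untouched.
    openssl x509 -req -days 375 -extfile "$d/ca.cnf" -extensions usr_cert -sha256 \
        -set_serial "0x$(openssl rand -hex 8)" -in "$d/u.csr" -out "$d/x509.crt" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" >/dev/null 2>&1 || return 1
    after_x509=$(wc -l < "$d/index.txt" | tr -d ' ')
    # Path 2: ca records the issued certificate in the database file.
    openssl ca -batch -config "$d/ca.cnf" -extensions usr_cert -days 375 -notext \
        -md sha256 -cert "$d/ca.crt" -keyfile "$d/ca.key" -in "$d/u.csr" \
        -out "$d/ca-signed.crt" >/dev/null 2>&1 || return 1
    after_ca=$(wc -l < "$d/index.txt" | tr -d ' ')
    rm -rf "$d"
    echo "$after_x509 $after_ca"
}
```

Certificates issued through `x509 -req` never appear in `index.txt`, so they cannot later be revoked with `openssl ca -revoke` against that database or listed in a CRL generated from it.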

