Hi Michael,

>From your listing, the serial file is empty. Since you haven't generated any 
>certificates before (the index.txt file is empty), the serial file should contain the 
>string 01. See below for details.

The openssl.cnf file defines the location of index.txt and serial files. The relevant 
parameters in openssl.cnf are: "dir=", "database=" (pointing to index.txt) and 
"serial=".

The serial file contains the serial number which will be assigned to the next issued 
certificate; each time a new certificate is issued, the number in the serial file is 
incremented. The file index.txt stores the details about the certificates that have 
been generated so far.

The third column of index.txt shows the serial number for each certificate. Therefore, 
the serial file must contain a number higher than any other serial number from index.txt. 
If index.txt is empty (no certificates issued), the serial file should contain the 
string "01" (without quotation marks).

Hope this helps.

Best regards,
Sebastian
E-mail: [EMAIL PROTECTED]
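
The consistency rule described in the reply above, as an added example that is not part of the original message or of OpenSSL: it checks the contents of a serial file against an index.txt before running `openssl ca`. The function names and the sample index lines are constructed for illustration; it assumes index.txt fields are tab-separated with an empty revocation-date field for valid certificates, so the serial is read from the fourth tab field.

```python
import re

HEX = re.compile(r"[0-9A-Fa-f]+")

def issued_serials(index_text):
    """Serial numbers (as ints) recorded in the text of an index.txt."""
    serials = []
    for line in index_text.splitlines():
        if not line.strip():
            continue
        # Tab-separated: status, expiry, revocation date (empty unless
        # revoked), serial in hex, file name, subject.
        fields = line.split("\t")
        if len(fields) < 6 or not HEX.fullmatch(fields[3]):
            raise ValueError(f"malformed index.txt line: {line!r}")
        serials.append(int(fields[3], 16))
    return serials

def next_serial(index_text):
    """Lowest value the serial file may hold for this index.txt."""
    issued = issued_serials(index_text)
    digits = format(max(issued) + 1 if issued else 1, "X")
    return digits.zfill(len(digits) + len(digits) % 2)  # whole bytes, e.g. 01

def check_serial(serial_text, index_text):
    """Return a list of problems; an empty list means the files agree."""
    value = serial_text.strip()
    if not value:
        return ["serial file is empty"]
    if not HEX.fullmatch(value):
        return [f"serial file is not a hex number: {value!r}"]
    problems = []
    if len(value) % 2:
        problems.append("serial has an odd number of hex digits")
    minimum = next_serial(index_text)
    if int(value, 16) < int(minimum, 16):
        problems.append(f"serial {value} is below the required minimum {minimum}")
    return problems

# Constructed sample index.txt: one valid and one revoked certificate.
SAMPLE_INDEX = (
    "V\t020813144900Z\t\t01\tunknown\t/CN=server1.example\n"
    "R\t020813145000Z\t010901120000Z\t02\tunknown\t/CN=server2.example\n"
)

if __name__ == "__main__":
    print(check_serial("", ""))               # the state shown in the listing
    print(check_serial("01\n", ""))           # the suggested fix
    print(check_serial("02\n", SAMPLE_INDEX)) # would reuse an issued serial
    print(next_serial(SAMPLE_INDEX))
```
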





Michael Howard  (8/13/2001  2:49 PM):
>OpenSSL Folks,
>
>I am using OpenSSL 0.9.6 24 Sep 2000 and
>issued the following:
>
>openssl ca -policy policy_match -days 365 -md md5 -out ./SRVcert.pem -keyfile 
>./CAkey.pem -cert ./CAcert.pem \
>>-outdir  . -infiles ./SRVreq.pem
>
>And saw:
>
>Using configuration from /usr/local/ssl/openssl.cnf
>Enter PEM pass phrase:
>unable to load number from /usr/local/ssl/certs/mycerts/serial
>error while loading serial number
>13252:error:0D065085:asn1 encoding routines:a2i_ASN1_INTEGER:short line:f_int.c:210:
>
>I touched both /usr/local/ssl/certs/mycerts/index.txt and serial
>as seen below:
>
>drwxr-xr-x    2 root     root         4096 Aug 13 08:35 .
>drwxr-xr-x    3 root     root         4096 Aug 10 13:06 ..
>-rw-r--r--    1 root     root         1419 Aug 10 13:10 CAcert.pem
>-rw-r--r--    1 root     root          951 Aug 10 13:10 CAkey.pem
>-rw-r--r--    1 root     root            0 Aug 10 13:46 index.txt
>-rw-r--r--    1 root     root            0 Aug 13 08:35 serial
>-rw-r--r--    1 root     root            0 Aug 13 08:47 SRVcert.pem
>-rw-r--r--    1 root     root          887 Aug 10 13:13 SRVkey.pem
>-rw-r--r--    1 root     root          818 Aug 10 13:13 SRVreq.pem
>
>
>From what I've read, index.txt is used to store certificate databases
>and serial is for serial number of certificates issued by me.
>
>How are serial numbers generated and how are they stored in the
>file "serial" ?
>
>Thanks
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
