Hi,
I'll add some addition information to my question.
On the webpage http://www.openssl.org/docs/apps/ca.html#,
there are the following descriptions:
-out filename : the output file to output certificates to. The default is
standard
output. The certificate details will also be printed out to this
file.
-outdir directory : the directory to output certificates to. The certificate
will be
written to a filename consisting of the serial number in hex
with
``.pem'' appended.
Nowhere that I could find does it say that it will generate the filename specified
with -out
and another filename as described in -outdir. I would have thought that -out would
override
-outdir.
Giving it more thought, I didn't know if this is intended CA behavior. I am guessing
that
if the CA wants to revoke a certificate, it uses the one with the serial number and
PEM
extension. Can anyone confirm or deny my theory?
Thanks,
Kevin Greaney.
> -----Original Message-----
> From: Greaney, Kevin
> Sent: Tuesday, May 28, 2002 2:48 PM
> To: [EMAIL PROTECTED]
> Cc: Greaney, Kevin
> Subject: Two certs created when signing .CSR with OPENSSL CA.
>
>
>
> Hi,
> I searched through the archives but could not find an
> answer to this
> one. I am trying to sign a certificate request using the
> OPENSSL CA command.
> Here is how I am specifying it:
>
> $ openssl ca -config SSL$CA.CNF -out SIGNED.CRT -infiles REQUEST.CSR
>
> This appears to work fine, creating a signed certificate
> called SIGNED.CRT.
> However, I also get a 01.PEM file that is an exact copy of
> SIGNED.CRT.
> Why am I getting this extra PEM file?
>
> Thanks,
> Kevin Greaney
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
