On Thu, Dec 04, 2003, Charles B Cranston wrote: > Peter Sylvester comments that a -set_serial option got added > to x509 -- my systems people somehow think it optional to > install man pages, but I did find it using the --help option > of the program itself. It is documented in the man page at > the openssl web site. > > My memory is now that I had to use a file to pass the serial > number to "ca" in that long Perl program because OpenSSL > expected to increment and write it back, and was unhappy with > not being able to write to the read end of the pipe or some > such thing. > > Though I thought this OS had bidirectional pipes. > > Something else to investigate in my copious free time... >
The 'ca' command may well need temporary files to automate some operations. The serial number file is renamed and rewritten so a pipe wont work. You can use the 'x509' command in a more automated manner for certificate signing, the only things it currently wont do are SPKAC signing and CRL generation which I'd guess you need. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
