> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Salz, Rich > Sent: Monday, 28 April, 2014 09:37 > > If you are comfortable with the key existing (online?) in multiple places, > make the serial number be a UUID treated as a BIGNUM.
Yes, that's a much simpler solution. It should be trivial to script that - just generate the UUID and write it to the serial-number file as "0x" followed by hex digits before invoking "openssl ca". On Windows you can script generating the UUID with cscript, Powershell, or wmic - there are various examples online. On Linux, UNIX, and iOS, use uuidgen (you may have to grab the source and build it). uuidgen is also available for Windows, e.g. as part of Cygwin. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com
