On 05.07.2015 14:19, David Thompson wrote:
Quoting the man page for req(1) -- although depending on the packaging which I don't know for CentOS it may be a different section like 1s or 1ssl -- and also on the web https://www.openssl.org/docs/apps/req.html-x509 this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configuration file. Unless specified using the set_serial option, a large random number will be used for the serial number.would this be also an option when using openssl like this: openssl ca -batch -config any.cnf -name any_ca -md sha256 -startdate ... -enddate ... ....'ca' always uses the value currently in a 'serial' file configured in the configuration file, and increments it, thus using sequential numbers when you issue more than one cert.
as you above, "Unless specified using the set_serial option, ..." is it the same with 'serial' file when using openssl ca ...? I mean, would the serial be random,when there is no 'serial' file specified, neither in the openssl.cnf nor at the command parameters ...
Thanks, Walter
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
