Hi Fredrik,

> -----Original Message-----
> From: Fredrik Strömberg
>
> I want to sign a certificate without using the index or serial files.
> Can someone tell me how to disable them?

You can't. But why would you care about openssl internals? Just generate your certificates and fine.

> Not using -config makes openssl use the compiled default, and using my
> own while commenting out "database" and "serial" gives me the error
> "variable lookup failed for CA_default::database". If they can't be
> disabled I would like to know if there's a possibility to lock the
> files from openssl. Should that not work I need to implement my own
> filelocking.
>
> (For the curious: I don't need serial because I only identify with CN,
> and I don't need a database because I will never revoke any
> certificates.)

Every certificate needs a serial, so you can't generate a certificate without a serial. Please also note that the subject name can't be used to identify a specific certificate, lest the subject name's CN RDN. For uniquely identifying a certain certificate you always need one of the couples (issuer, serial), (issuer, subject key identifier) or (issuer, subject - in case the CA's policy forbids the issuance of 2 certificates for the same subject name).

HTH,
Patrick Eisenacher
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
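The reply's point that a subject name does not single out a certificate while the pair (issuer, serial) does, shown as an added example that is not part of the original thread. It issues two certificates for the same CN from one throwaway CA, passing each serial explicitly with `openssl x509 -req -set_serial`; the CA name, the CN `client.example`, the file names and the function names are all constructed for the demo.

```shell
#!/bin/sh
# Added example: same subject, different certificates. All names are constructed.
set -eu

# Create a throwaway self-signed CA in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue certificate $2 for CN $3 in directory $1 with a random 128-bit serial.
# -set_serial supplies the serial on the command line instead of a serial file.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -set_serial "0x$(openssl rand -hex 16)" -days 1 \
        -out "$1/$2.crt" 2>/dev/null
}

# Print the subject of certificate file $1.
cert_subject() { openssl x509 -in "$1" -noout -subject; }

# Print the (issuer, serial) pair that identifies certificate file $1.
cert_id() { openssl x509 -in "$1" -noout -issuer -serial | tr '\n' ' '; }

# Issue two certificates for one CN and show what tells them apart.
demo() {
    d=$(mktemp -d)
    make_ca "$d"
    issue "$d" first  client.example
    issue "$d" second client.example
    echo "first : $(cert_subject "$d/first.crt") / $(cert_id "$d/first.crt")"
    echo "second: $(cert_subject "$d/second.crt") / $(cert_id "$d/second.crt")"
    rm -rf "$d"
}

demo
```

Both lines print the same subject and issuer; only the serial differs, which is why a relying party that matches on CN alone cannot tell the two certificates apart.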