On Tue, Jan 11, 2011 at 4:40 PM, Eisenacher, Patrick
<patrick.eisenac...@bdr.de> wrote:
> Hi Frederik,
>
>> -----Original Message-----
>> From: Fredrik Strömberg
>>
>> I want to sign a certificate without using the index or serial files.
>> Can someone tell me how to disable them?
>
> you can't. But why would you care about openssl internals? Just generate your 
> certificates and fine.
>
>> Not using -config makes openssl use the compiled default, and using my
>> own while commenting out "database" and "serial" gives me the error
>> "variable lookup failed for CA_default::database". If they can't be
>> disabled I would like to know if there's a possibility to lock the
>> files from openssl. Should that not work I need to implement my own
>> filelocking.
>>
>> (For the curious: I don't need serial because I only identify with CN,
>> and I don't need a database because I will never revoke any
>> certificates.)
>
> Every certificate needs a serial, so you can't generate a certificate without 
> a serial.
>
> Please also note that the subject name can't be used to identify a specific 
> certificate, lest the subject name's CN RDN. For uniquely identifying a 
> certain certificate you always need one of the couples (issuer, serial), 
> (issuer, subject key identifier) or (issuer, subject - in case the CA's 
> policy forbids the issuance of 2 certificates for the same subject name).
>
>
> HTH,
> Patrick Eisenacher
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-us...@openssl.org
> Automated List Manager                           majord...@openssl.org
>

Hello Patrick,

Thank you for your email. I somehow managed to miss the word
"mandatory" in the manual. I guess there's nothing else for me to do
than code a file lock. I need to run multiple openssl instances, and
openssl doesn't lock the serial and index files. That's why I figured
I'd avoid the problem by not using the serial or index file at all,
and maybe supply a unique serial from the command line.

Kind regards,
Fredrik Strömberg
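
Added example, not part of the original thread or of OpenSSL: one way to serialize concurrent `openssl ca` runs with an advisory `flock` on a Unix system, so that only one instance at a time touches the serial and index files. The lock file name `ca.lock`, the function names, and `next_serial` (a constructed stand-in for the read-increment-write on the serial file, used to show the lock working without a CA setup) are assumptions.

```python
import fcntl
import os
import subprocess
import tempfile
import threading
from contextlib import contextmanager

@contextmanager
def ca_lock(lock_path):
    """Hold an exclusive advisory flock on lock_path for the duration of the block."""
    fd = os.open(lock_path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)  # blocks until other holders release
        yield
    finally:
        os.close(fd)  # closing the descriptor releases the lock

def sign_request(lock_path, config, csr_path, cert_path):
    """Run `openssl ca` under the lock so serial/index updates never interleave."""
    with ca_lock(lock_path):
        subprocess.run(["openssl", "ca", "-batch", "-config", config,
                        "-in", csr_path, "-out", cert_path], check=True)

def next_serial(serial_path, lock_path):
    """Constructed stand-in for the read-increment-write done on the serial file."""
    with ca_lock(lock_path):
        with open(serial_path) as f:
            serial = int(f.read().strip(), 16)
        with open(serial_path, "w") as f:
            f.write("%02X\n" % (serial + 1))
        return serial

def demo(workers=8, per_worker=25):
    """Allocate serials from concurrent workers; return every serial handed out."""
    with tempfile.TemporaryDirectory() as d:
        serial_path, lock_path = os.path.join(d, "serial"), os.path.join(d, "ca.lock")
        with open(serial_path, "w") as f:
            f.write("01\n")  # constructed starting serial
        issued = []
        def work():
            for _ in range(per_worker):
                issued.append(next_serial(serial_path, lock_path))
        threads = [threading.Thread(target=work) for _ in range(workers)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        return issued
```

The lock is advisory: it only prevents duplicate serials or a corrupted index if every process that signs with this CA goes through the same lock file.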