Fredrik Strömberg a écrit :
Hello,
I want to sign a certificate without using the index or serial files.
Can someone tell me how to disable them?
Not using -config makes openssl use the compiled default, and using my
own while commenting out "database" and "serial" gives me the error
"variable lookup failed for CA_default::database". If they can´t be
disabled I would like to know if there´s a possibility to lock the
files from openssl. Should that not work I need to implement my own
filelocking.
(For the curious: I don´t need serial because I only identify with CN,
and I don´t need a database because I will never revoke any
certificates.)
In my understanding of your problem, the serial number of the
certificate is always required because
you can generate more than one certificate for a given user identified
with a given DN( and not CN)
This arise because you issue a certificate valid from January 1st to
March 31th
the next one valid from April 1st to June 30th etc for example
etc
The only way to distinguish these certificates is the serial number.
I hope this helps
Best regards
Dominique LOHEZ
Any thoughts?
Kind regards,
Fredrik Strömberg
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France
Phone : +33 (0)3 20 30 40 71
Email: dominique.lo...@isen.fr
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
