The problem with this scheme is that it doesn't deal well with parallel certificate signatures. You have one shared information that must be incremented in an atomic way. But for a "Junk CA" (that's how I call the set of scripts I use), that's not a problem.
another approach is to take the value of 'time' (the current second) and append to it the current process number, and, in case of several machines, some number indicating the id of the machine. instead of the process number, any other method to ensure uniqueness within a second may be used. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org