Hi,
The database file (an option in your openssl.conf) handles that
perfectly.
Cheers
Pascal
2010/9/22 Andy GOKTAS andy.gok...@state.or.us
So using the -CAserial serial.srl might be a good idea to avoid this.
Now this leads me to the next question:
- Besides manually documenting a cross-reference for each certificate that
I sign to a serial number, is there any way to have this scripted and for an
appending log to the serial.srl file that's updated each time it's used? In
short, a list of cert name (=CN perhaps) and serial number associated with
it.
??
Thanks,
Andy Goktas
aerow...@gmail.com 9/19/2010 1:53 PM
If you generate multiple certs with the same serial number, Firefox (and
anything built with NSS) will absolutely refuse to have anything to do with
those sites. There's no click 3 times to get access, it's a simple
refusal to talk with a non-standards-compliant server. (Of course, this
puts the owner of the site in a lurch, because he doesn't run the CA in the
vast majority of circumstances.)
Other TLS clients and browsers likely will do the same. I haven't checked
though.
-Kyle H
On Wed, Sep 15, 2010 at 1:34 PM, Andy GOKTAS andy.gok...@state.or.us
wrote:
Hello,
Just curious if anyone knows, but what happens if I generate multiple
server certs (using my self generated signing CA using openssl) that have
the same assigned serial number?
Does this create a conflict within the network and if users end up
accessing both certs, kaboom?
Is it merely a method of basic tracking on how many certificates a CA
signs?
Thanks,
Andy Goktas
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org