Re: [openssl-users] Not updating index.txt
On 08/29/2017 07:24 PM, Dr. Stephen Henson wrote: On Tue, Aug 29, 2017, Robert Moskowitz wrote: I started out making certs from csrs with: openssl ca -config $dir/openssl-intermediate.cnf -extensions usr_cert -days 375 -notext -md sha256 \ -in $dir/csr/$clientemail.csr.$format -out $dir/certs/$clientemail.cert.$format And that worked well enough, but I found some limitations (DER) with it and switched to: openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\ -extensions usr_cert -sha256\ -set_serial 0x$(openssl rand -hex $sn)\ -inform $format -in $dir/csr/$clientemail.csr.$format\ -outform $format -out $dir/certs/$clientemail.cert.$format\ -CAkeyform $format -CAkey $dir/private/intermediate.key.$format\ -CAform $format -CA $dir/certs/intermediate.cert.$format I just noticed that this format does not update the index.txt file. Why? What do I need to add so it does? Unlike ca the index.txt file is not used by the x509 utility at all it also only uses the configuration file for extensions. This, and what Viktor said is 'waking me up to' req is NOT a solution. Back to ca. thanks -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Not updating index.txt
On Tue, Aug 29, 2017, Robert Moskowitz wrote: > I started out making certs from csrs with: > > openssl ca -config $dir/openssl-intermediate.cnf -extensions > usr_cert -days 375 -notext -md sha256 \ > -in $dir/csr/$clientemail.csr.$format -out > $dir/certs/$clientemail.cert.$format > > And that worked well enough, but I found some limitations (DER) with > it and switched to: > > >openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\ >-extensions usr_cert -sha256\ >-set_serial 0x$(openssl rand -hex $sn)\ >-inform $format -in $dir/csr/$clientemail.csr.$format\ >-outform $format -out $dir/certs/$clientemail.cert.$format\ >-CAkeyform $format -CAkey $dir/private/intermediate.key.$format\ >-CAform $format -CA $dir/certs/intermediate.cert.$format > > I just noticed that this format does not update the index.txt file. > Why? What do I need to add so it does? > Unlike ca the index.txt file is not used by the x509 utility at all it also only uses the configuration file for extensions. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Not updating index.txt
I started out making certs from csrs with: openssl ca -config $dir/openssl-intermediate.cnf -extensions usr_cert -days 375 -notext -md sha256 \ -in $dir/csr/$clientemail.csr.$format -out $dir/certs/$clientemail.cert.$format And that worked well enough, but I found some limitations (DER) with it and switched to: openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\ -extensions usr_cert -sha256\ -set_serial 0x$(openssl rand -hex $sn)\ -inform $format -in $dir/csr/$clientemail.csr.$format\ -outform $format -out $dir/certs/$clientemail.cert.$format\ -CAkeyform $format -CAkey $dir/private/intermediate.key.$format\ -CAform $format -CA $dir/certs/intermediate.cert.$format I just noticed that this format does not update the index.txt file. Why? What do I need to add so it does? Bob -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users