[openssl-users] Not updating index.txt
Dr. Stephen Henson
steve at openssl.org
Tue Aug 29 23:24:09 UTC 2017
On Tue, Aug 29, 2017, Robert Moskowitz wrote:
> I started out making certs from csrs with:
>
> openssl ca -config $dir/openssl-intermediate.cnf -extensions
> usr_cert -days 375 -notext -md sha256 \
> -in $dir/csr/$clientemail.csr.$format -out
> $dir/certs/$clientemail.cert.$format
>
> And that worked well enough, but I found some limitations (DER) with
> it and switched to:
>
>
> openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\
> -extensions usr_cert -sha256\
> -set_serial 0x$(openssl rand -hex $sn)\
> -inform $format -in $dir/csr/$clientemail.csr.$format\
> -outform $format -out $dir/certs/$clientemail.cert.$format\
> -CAkeyform $format -CAkey $dir/private/intermediate.key.$format\
> -CAform $format -CA $dir/certs/intermediate.cert.$format
>
> I just noticed that this format does not update the index.txt file.
> Why? What do I need to add so it does?
>
Unlike ca the index.txt file is not used by the x509 utility at all it also
only uses the configuration file for extensions.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list