[openssl-users] Certificate serialnumber?

Walter H. Walter.H at mathemainzel.info
Sun Jul 5 13:43:30 UTC 2015


On 05.07.2015 14:19, David Thompson wrote:
> Quoting the man page for req(1) -- although depending on the packaging
> which I don't know for CentOS it may be a different section like 1s or 1ssl --
> and also on the web https://www.openssl.org/docs/apps/req.html
>
> -x509
>      this option outputs a self signed certificate instead of a certificate request.
> This is typically used to generate a test certificate or a self signed root CA.
> The extensions added to the certificate (if any) are specified in the
> configuration file. Unless specified using the set_serial option,
> a large random number will be used for the serial number.
>
>> would this be also an option when using openssl like this:
>>
>> openssl ca -batch -config any.cnf -name any_ca -md sha256 -startdate
>> ...  -enddate ... ....
>>
> 'ca' always uses the value currently in a 'serial' file configured in the
> configuration file, and increments it, thus using sequential numbers
> when you issue more than one cert.
As you quoted above, "Unless specified using the set_serial option, ..."
Is it the same with the 'serial' file when using openssl ca ...?
I mean, would the serial be random
when there is no 'serial' file specified, neither in the openssl.cnf nor
in the command parameters ...?

Thanks,
Walter
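
Added example (not part of the original message, and not code from the OpenSSL project): a shell script showing the behaviour quoted above, i.e. 'req -x509' picking a random serial unless -set_serial is given, and 'ca' taking the next serial from its 'serial' file and incrementing it. The temporary directory, file names, subjects, the [demo_ca] section and the starting serial 1000 are all constructed for the demo.

```shell
#!/bin/sh
# Added demo, not from the thread. File names, subjects and the [demo_ca]
# section are constructed; the same key is reused everywhere for brevity.
demo_serials() (
  d=$(mktemp -d) && cd "$d" || exit 1
  serial_of() { openssl x509 -noout -serial -in "$1" | cut -d= -f2; }

  # req -x509 without -set_serial: a large random serial is chosen.
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" \
    -keyout ca.key -out ca.crt -days 1 2>/dev/null || exit 1
  # req -x509 with -set_serial: the serial is pinned (4660 = 0x1234).
  openssl req -x509 -new -key ca.key -subj "/CN=Pinned" -set_serial 4660 \
    -out pinned.crt -days 1 2>/dev/null || exit 1

  # Minimal 'ca' setup: the next serial is read from the 'serial' file (hex).
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
serial = serial
new_certs_dir = newcerts
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 1
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
  mkdir newcerts && : > index.txt && echo 1000 > serial || exit 1

  # Issue two certificates; 'ca' uses 1000, then 1001, and rewrites 'serial'.
  for n in a b; do
    openssl req -new -key ca.key -subj "/CN=leaf-$n" -out "$n.csr" \
      2>/dev/null || exit 1
    openssl ca -batch -notext -config ca.cnf -name demo_ca \
      -in "$n.csr" -out "$n.crt" 2>/dev/null || exit 1
  done

  echo "random=$(serial_of ca.crt) pinned=$(serial_of pinned.crt)" \
       "first=$(serial_of a.crt) second=$(serial_of b.crt)" \
       "next=$(cat serial)"
  cd / && rm -rf "$d"
)
demo_serials
```

The 'random' value differs on every run; the other four fields are fixed by -set_serial and by the contents of the 'serial' file.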

