[openssl-users] Not updating index.txt

Dr. Stephen Henson steve at openssl.org
Tue Aug 29 23:24:09 UTC 2017

On Tue, Aug 29, 2017, Robert Moskowitz wrote:

> I started out making certs from csrs with:
> openssl ca -config $dir/openssl-intermediate.cnf -extensions
> usr_cert -days 375 -notext -md sha256 \
>       -in $dir/csr/$clientemail.csr.$format -out
> $dir/certs/$clientemail.cert.$format
> And that worked well enough, but I found some limitations (DER) with
> it and switched to:
>    openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\
>        -extensions usr_cert -sha256\
>        -set_serial 0x$(openssl rand -hex $sn)\
>        -inform $format -in $dir/csr/$clientemail.csr.$format\
>        -outform $format -out $dir/certs/$clientemail.cert.$format\
>        -CAkeyform $format -CAkey $dir/private/intermediate.key.$format\
>        -CAform $format -CA $dir/certs/intermediate.cert.$format
> I just noticed that this format does not update the index.txt file.
> Why?  What do I need to add so it does?

Unlike ca the  index.txt file is not used by the x509 utility at all it also
only uses the configuration file for extensions.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list