[openssl-users] Not updating index.txt

Robert Moskowitz rgm at htt-consult.com
Wed Aug 30 03:35:05 UTC 2017

On 08/29/2017 07:24 PM, Dr. Stephen Henson wrote:
> On Tue, Aug 29, 2017, Robert Moskowitz wrote:
>> I started out making certs from csrs with:
>> openssl ca -config $dir/openssl-intermediate.cnf -extensions
>> usr_cert -days 375 -notext -md sha256 \
>>        -in $dir/csr/$clientemail.csr.$format -out
>> $dir/certs/$clientemail.cert.$format
>> And that worked well enough, but I found some limitations (DER) with
>> it and switched to:
>>     openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\
>>         -extensions usr_cert -sha256\
>>         -set_serial 0x$(openssl rand -hex $sn)\
>>         -inform $format -in $dir/csr/$clientemail.csr.$format\
>>         -outform $format -out $dir/certs/$clientemail.cert.$format\
>>         -CAkeyform $format -CAkey $dir/private/intermediate.key.$format\
>>         -CAform $format -CA $dir/certs/intermediate.cert.$format
>> I just noticed that this format does not update the index.txt file.
>> Why?  What do I need to add so it does?
> Unlike ca the  index.txt file is not used by the x509 utility at all it also
> only uses the configuration file for extensions.

This, and what Viktor said is 'waking me up to' req is NOT a solution.

Back to ca.


More information about the openssl-users mailing list