[openssl-users] Not updating index.txt
Robert Moskowitz
rgm at htt-consult.com
Wed Aug 30 03:35:05 UTC 2017
On 08/29/2017 07:24 PM, Dr. Stephen Henson wrote:
> On Tue, Aug 29, 2017, Robert Moskowitz wrote:
>
>> I started out making certs from csrs with:
>>
>> openssl ca -config $dir/openssl-intermediate.cnf -extensions
>> usr_cert -days 375 -notext -md sha256 \
>> -in $dir/csr/$clientemail.csr.$format -out
>> $dir/certs/$clientemail.cert.$format
>>
>> And that worked well enough, but I found some limitations (DER) with
>> it and switched to:
>>
>>
>> openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\
>> -extensions usr_cert -sha256\
>> -set_serial 0x$(openssl rand -hex $sn)\
>> -inform $format -in $dir/csr/$clientemail.csr.$format\
>> -outform $format -out $dir/certs/$clientemail.cert.$format\
>> -CAkeyform $format -CAkey $dir/private/intermediate.key.$format\
>> -CAform $format -CA $dir/certs/intermediate.cert.$format
>>
>> I just noticed that this format does not update the index.txt file.
>> Why? What do I need to add so it does?
>>
> Unlike ca the index.txt file is not used by the x509 utility at all it also
> only uses the configuration file for extensions.
This, and what Viktor said is 'waking me up to' req is NOT a solution.
Back to ca.
thanks
More information about the openssl-users
mailing list