On 05.07.2015 14:19, David Thompson wrote: > Quoting the man page for req(1) -- although depending on the packaging > which I don't know for CentOS it may be a different section like 1s or 1ssl -- > and also on the web https://www.openssl.org/docs/apps/req.html > > -x509 > this option outputs a self signed certificate instead of a certificate request. > This is typically used to generate a test certificate or a self signed root CA. > The extensions added to the certificate (if any) are specified in the > configuration file. Unless specified using the set_serial option, > a large random number will be used for the serial number. > >> would this be also an option when using openssl like this: >> >> openssl ca -batch -config any.cnf -name any_ca -md sha256 -startdate >> ... -enddate ... .... >> > 'ca' always uses the value currently in a 'serial' file configured in the > configuration file, and increments it, thus using sequential numbers > when you issue more than one cert. as you above, "Unless specified using the set_serial option, ..." is it the same with 'serial' file when using openssl ca ...? I mean, would the serial be random, when there is no 'serial' file specified, neither in the openssl.cnf nor at the command parameters ... Thanks, Walter -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4312 bytes Desc: S/MIME Cryptographic Signature URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150705/cdd2e8a4/attachment.bin>
