I started out making certs from csrs with:
openssl ca -config $dir/openssl-intermediate.cnf -extensions usr_cert
-days 375 -notext -md sha256 \
-in $dir/csr/$clientemail.csr.$format -out
$dir/certs/$clientemail.cert.$format
And that worked well enough, but I found some limitations (DER) with it
and switched to:
openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\
-extensions usr_cert -sha256\
-set_serial 0x$(openssl rand -hex $sn)\
-inform $format -in $dir/csr/$clientemail.csr.$format\
-outform $format -out $dir/certs/$clientemail.cert.$format\
-CAkeyform $format -CAkey $dir/private/intermediate.key.$format\
-CAform $format -CA $dir/certs/intermediate.cert.$format
I just noticed that this format does not update the index.txt file.
Why? What do I need to add so it does?
Bob
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
