On Tue, Aug 29, 2017, Robert Moskowitz wrote: > I started out making certs from csrs with: > > openssl ca -config $dir/openssl-intermediate.cnf -extensions > usr_cert -days 375 -notext -md sha256 \ > -in $dir/csr/$clientemail.csr.$format -out > $dir/certs/$clientemail.cert.$format > > And that worked well enough, but I found some limitations (DER) with > it and switched to: > > > openssl x509 -req -days 375 -extfile $dir/openssl-intermediate.cnf\ > -extensions usr_cert -sha256\ > -set_serial 0x$(openssl rand -hex $sn)\ > -inform $format -in $dir/csr/$clientemail.csr.$format\ > -outform $format -out $dir/certs/$clientemail.cert.$format\ > -CAkeyform $format -CAkey $dir/private/intermediate.key.$format\ > -CAform $format -CA $dir/certs/intermediate.cert.$format > > I just noticed that this format does not update the index.txt file. > Why? What do I need to add so it does? > Unlike ca the index.txt file is not used by the x509 utility at all it also only uses the configuration file for extensions. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
