On 7/18/06, Michael P. Soulier <[EMAIL PROTECTED]> wrote:
Kyle Hamilton wrote:
> You should be able to issue multiple certs to the same CN. One such
> example would be an email-signing certificate, and a separate
> code-signing certificate.
Thanks for the quick answer.
I've had problems doing this. The openssl tool complains that there is
already a cert with that CN. Is this configurable?
It checks index.txt to see if there is a valid certificate with the
same CN. That's the only real gotcha I know about when relying on
index.txt. We don't use index.txt, and have to cp /dev/null index.txt
every time we sign a cert because of this issue.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
