Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Salz, Rich
> Unless I'm misreading the code an absent serial number file is an error. I was looking at load_serial() in apps.c, with the |create| parameter. /r$

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Dr. Stephen Henson
On Sun, Jul 05, 2015, Salz, Rich wrote: > > > > the question: where does the serial number for this certificate come from? > > > is it random by default when nothing is said about it? > > It will be random if (a) the serial file does not exist; and (b) you specify > the -create_serial flag. Ot

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Salz, Rich
> > the question: where does the serial number for this certificate come from? > > is it random by default when nothing is said about it? It will be random if (a) the serial file does not exist; and (b) you specify the -create_serial flag. Otherwise it opens the file, reads the number (default

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Walter H.
On 05.07.2015 14:19, David Thompson wrote: Quoting the man page for req(1) -- although depending on the packaging which I don't know for CentOS it may be a different section like 1s or 1ssl -- and also on the web https://www.openssl.org/docs/apps/req.html -x509 this option outputs a self si

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread David Thompson
> From: openssl-users On Behalf Of Ben Humpert > Sent: Sunday, July 05, 2015 07:58 > Take a look in your openssl.cnf and you should see the option "serial" > with a path / file specified. The serial number is taken from that > file. If the file doesn't exist or is empty when the very first > cert

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread David Thompson
> From: openssl-users On Behalf Of Walter H. > Sent: Sunday, July 05, 2015 06:49 > openssl req -new -newkey rsa:2048 -subj '/CN=Squid SSL-Bump > CA/C=/O=/OU=/' -sha256 -days 365 -nodes -x509 -keyout ./squidCA.pem > -out ./squidCA.pem > > the question: where does the serial number for this certifi

Re: [openssl-users] SSL_CTX_load_verify_locations only with CAPath

2015-07-05 Thread David Thompson
From: openssl-users On Behalf Of Dr. Roger Cuypers Sent: Friday, July 03, 2015 11:01 > I'm trying to do peer client verification using the > SSL_CTX_load_verify_locations function > However, setting only CAPath will not: > This will result in a X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error.

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Ben Humpert
Take a look in your openssl.cnf and you should see the option "serial" with a path / file specified. The serial number is taken from that file. If the file doesn't exist or is empty when the very first certificate is created then 01 is used as a serial for it. Rich Salz recommended me this SSL Co

[openssl-users] Certificate serialnumber?

2015-07-05 Thread Walter H.
Hello, I'm using openssl command-line in a Linux-Box (CentOS 6.x with squid) like this: I haven't defined anything - everything is set default from the linux distribution openssl req -new -newkey rsa:2048 -subj '/CN=Squid SSL-Bump CA/C=/O=/OU=/' -sha256 -days 365 -nodes -x509 -keyout ./squidC