> From: owner-openssl-us...@openssl.org On Behalf Of Pascal Delaunay
> Sent: Thursday, 23 September, 2010 12:00
> The "database" file (an option in your openssl.conf) handles that
> perfectly.
If you use 'ca'; or as Patrick Patterson said, the scripts which do so.
Not 'x509 -req
Hi,
The "database" file (an option in your openssl.conf) handles that
perfectly.
Cheers
Pascal
2010/9/22 Andy GOKTAS
> So using the "-CAserial serial.srl" might be a good idea to avoid this.
>
> Now this leads me to the next question:
> - Besides manually documenting a cross-reference for
Hi Andy:
If you use the OpenSSL CA scripts as shipped and documented both in the OpenSSL
document, the book, or numerous places on the web, they already use "index.txt"
as a list of all issued certificates. So no extra work is needed.
Have fun.
Patrick.
On 2010-09-22, at 4:52 PM, Andy GOKTAS
So using the "-CAserial serial.srl" might be a good idea to avoid this.
Now this leads me to the next question:
- Besides manually documenting a cross-reference for each certificate that I
sign to a serial number, is there any way to have this scripted and for an
appending log to the serial
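
An added example, not part of the original thread: the "index.txt" database mentioned above can be read with a short script to produce the serial-to-subject cross-reference and to flag any serial number that appears more than once. It assumes the usual tab-separated layout written by `openssl ca` (status, expiry, revocation date, hex serial, filename, subject); the sample data, subjects and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in index.txt layout (tab-separated fields):
# status, expiry, revocation date[,reason], serial (hex), filename, subject DN.
# Serial 02 is deliberately reused to show what the check reports.
SAMPLE_INDEX = (
    "V\t110923120000Z\t\t01\tunknown\t/C=US/O=Example/CN=www.example.test\n"
    "R\t110923120500Z\t100924093000Z,keyCompromise\t02\tunknown\t/C=US/O=Example/CN=mail.example.test\n"
    "V\t110923121000Z\t\t02\tunknown\t/C=US/O=Example/CN=vpn.example.test\n"
)

def parse_index(text):
    """Return one dict per database line; raise ValueError on a malformed line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        status, expires, revoked, serial, _filename, subject = fields
        entries.append({
            "status": status,            # V = valid, R = revoked, E = expired
            "expires": expires,
            "revoked": revoked or None,  # empty field means not revoked
            "serial": int(serial, 16),   # serials are stored as hex
            "subject": subject,
        })
    return entries

def duplicate_serials(entries):
    """Map each reused serial to the subjects it was issued to."""
    by_serial = defaultdict(list)
    for entry in entries:
        by_serial[entry["serial"]].append(entry["subject"])
    return {s: subjects for s, subjects in by_serial.items() if len(subjects) > 1}

def affected_by_revocation(entries, serial):
    """Revocation names a serial number, so every certificate carrying it is hit."""
    return [e["subject"] for e in entries if e["serial"] == serial]

if __name__ == "__main__":
    db = parse_index(SAMPLE_INDEX)
    for serial, subjects in duplicate_serials(db).items():
        print(f"serial {serial:02X} used {len(subjects)} times: {', '.join(subjects)}")
```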
Great! Thanks for that information Patrick. :)
Thanks,
Andy Goktas
>>> Patrick Patterson 9/17/2010 6:11 AM >>>
Hi Andy:
Well, aside from violating most of the standards around PKI, the main problem
you will have is revocation - the way you revoke a certificate is to put its
serial number
The serial number has to be unique for the issuer (CA).
You can have multiple certificates with the same SubjectName, but the
SerialNumber field has to be unique unless you're using a different
issuer.
Chris
On Sun, Sep 19, 2010 at 10:53 PM, wrote:
> If you generate multiple certs with the sam
If you generate multiple certs with the same serial number, Firefox (and anything built
with NSS) will absolutely refuse to have anything to do with those sites. There's no
"click 3 times to get access", it's a simple refusal to talk with a
non-standards-compliant server. (Of course, this put
Hi Andy:
Well, aside from violating most of the standards around PKI, the main problem
you will have is revocation - the way you revoke a certificate is to put its
serial number on a CRL. So if you have multiple certs with the same serial
number, if you ever need to revoke one of those certifi
Hello,
Just curious if anyone knows, but what happens if I generate multiple server
certs (using my self generated signing CA using openssl) that have the same
assigned serial number?
Does this create a conflict within the network and if users end up accessing
both certs, kabm?
Is