Save serial to not repeat serial numbers (just happened to me).

86d9c4cf · nimrod · ec782bb1 · 86d9c4cf · 86d9c4cf · 86d9c4cf
Commit 86d9c4cf authored 9 years ago by nimrod
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@ openssl.cnf
 CA.key
 CA.crt
 CA.p12
+CA.srl
 .server.pid
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ install:
 	chmod 755 /usr/local/bin/ssl-ca

 clean:
-	rm -rf openssl.cnf certs keys CA.key CA.crt CA.p12 .server.pid
+	rm -rf openssl.cnf certs keys CA.key CA.crt CA.p12 CA.srl .server.pid

 test: clean
 	./ssl-ca init

--- a/ssl-ca
+++ b/ssl-ca
@@ -15,6 +15,7 @@ default_md = sha256
 email_in_dn = no
 RANDFILE = /dev/urandom
 database = /dev/null
+serial = serial

 [ req ]
 distinguished_name = req_distinguished_name
@@ -58,6 +59,12 @@ init () {
    else
        echo "$config" > "openssl.cnf"
    fi
+    if [ -e CA.srl ]
+    then
+        echo CA.srl already exists, skipping.
+    else
+        echo 1000 > CA.srl
+    fi
    if [ -e CA.key ]
    then
        echo CA.key already exists, skipping.
@@ -120,7 +127,7 @@ sign_key () {
        -in "$csr" \
        -out "certs/$1" \
        -CA CA.crt \
-        -set_serial $seed \
+        -CAserial CA.srl \
        -extensions v3_req \
        -extfile openssl.cnf \
        -days 3650 \