From 86d9c4cf07f717a8cfaf6b9699202e3e65285007 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Wed, 25 Nov 2015 18:00:07 +0200
Subject: [PATCH] Save serial to not repeat serial numbers (just happened to
 me).

---
 .gitignore | 1 +
 Makefile   | 2 +-
 ssl-ca     | 9 ++++++++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index a7e130a..e2a00db 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@ openssl.cnf
 CA.key
 CA.crt
 CA.p12
+CA.srl
 .server.pid
diff --git a/Makefile b/Makefile
index dcd100e..8cfbe58 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ install:
 	chmod 755 /usr/local/bin/ssl-ca
 
 clean:
-	rm -rf openssl.cnf certs keys CA.key CA.crt CA.p12 .server.pid
+	rm -rf openssl.cnf certs keys CA.key CA.crt CA.p12 CA.srl .server.pid
 
 test: clean
 	./ssl-ca init
diff --git a/ssl-ca b/ssl-ca
index 62d8d12..f8f08e4 100755
--- a/ssl-ca
+++ b/ssl-ca
@@ -15,6 +15,7 @@ default_md = sha256
 email_in_dn = no
 RANDFILE = /dev/urandom
 database = /dev/null
+serial = serial
 
 [ req ]
 distinguished_name = req_distinguished_name
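Review bot: The added `serial = serial` names a file called `serial`, but the rest of this commit creates and uses `CA.srl` (init writes it, and sign_key passes `-CAserial CA.srl`), so the config entry points at a file that nothing visible here creates. The config section this line belongs to starts above the hunk; if it is the one read by `openssl ca`, that command would look for `serial` and would not share the counter kept in CA.srl. Either point it at the same file with `serial = CA.srl`, or drop the line if signing only ever goes through `-CAserial`.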
@@ -58,6 +59,12 @@ init () {
     else
         echo "$config" > "openssl.cnf"
     fi
+    if [ -e CA.srl ]
+    then
+        echo CA.srl already exists, skipping.
+    else
+        echo 1000 > CA.srl
+    fi
     if [ -e CA.key ]
     then
         echo CA.key already exists, skipping.
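Review bot: Seeding CA.srl with a fixed `1000` whenever the file is missing restarts the serials from the same value if the file is lost or deleted while CA.key and CA.crt survive. That brings back the duplicate serial numbers this commit is meant to prevent. Consider creating the serial file only in the branch that generates a new CA.key, or letting OpenSSL pick a random starting serial via `-CAcreateserial` on the signing command, so a recreated file does not collide with certificates already issued. A comment such as `# CA.srl holds the next serial (hex); keep and back it up together with CA.key` would document why the file must persist. init starts and ends outside the hunk.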
@@ -120,7 +127,7 @@ sign_key () {
         -in "$csr" \
         -out "certs/$1" \
         -CA CA.crt \
-        -set_serial $seed \
+        -CAserial CA.srl \
         -extensions v3_req \
         -extfile openssl.cnf \
         -days 3650 \
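Review bot: With `-CAserial CA.srl` and no `-CAcreateserial`, signing depends on CA.srl already existing, so a CA initialised before this change (CA.key and CA.crt present, no CA.srl) is expected to fail here with an OpenSSL error until init is rerun. A guard before the openssl call, e.g. `[ -e CA.srl ] || { echo "CA.srl is missing, run init first" >&2; exit 1; }`, would make that failure explicit. No locking around the serial file is visible, so two sign_key runs at the same time could presumably be handed the same serial; a comment noting that signing must be serialised would help. sign_key starts and ends outside the hunk, so whether `$seed` is still computed or used elsewhere cannot be seen from here.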
-- 
GitLab