forked from rpms/openssl
renew-dummy-cert: Fix long serial number renewal problem.
Do not try to increment the serial number, use long random one instead.
This commit is contained in:
parent
5d5075d4c9
commit
73ef787803
@ -18,16 +18,13 @@ if [ ! -f $PEM ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
let -a SERIAL=0x$(openssl x509 -in $PEM -noout -serial | cut -d= -f2)
|
||||
let SERIAL++
|
||||
|
||||
umask 077
|
||||
|
||||
OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
|
||||
|
||||
openssl rsa -inform pem -in $PEM -out $KEY
|
||||
openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
|
||||
openssl x509 -req -in $REQ -signkey $KEY -set_serial $SERIAL -days 365 \
|
||||
openssl x509 -req -in $REQ -signkey $KEY -days 365 \
|
||||
-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
|
||||
|
||||
(cat $KEY ; echo "" ; cat $CRT) > $NEW
|
||||
|
Loading…
Reference in New Issue
Block a user