From 73ef787803293111272bf2851e7f6baca9c9b0ca Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 4 May 2018 09:17:27 +0200 Subject: [PATCH] renew-dummy-cert: Fix long serial number renewal problem. Do not try to increment the serial number, use long random one instead. --- renew-dummy-cert | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/renew-dummy-cert b/renew-dummy-cert index 50f9931..92e271c 100755 --- a/renew-dummy-cert +++ b/renew-dummy-cert @@ -18,16 +18,13 @@ if [ ! -f $PEM ]; then exit 1 fi -let -a SERIAL=0x$(openssl x509 -in $PEM -noout -serial | cut -d= -f2) -let SERIAL++ - umask 077 OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'` openssl rsa -inform pem -in $PEM -out $KEY openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ -openssl x509 -req -in $REQ -signkey $KEY -set_serial $SERIAL -days 365 \ +openssl x509 -req -in $REQ -signkey $KEY -days 365 \ -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT (cat $KEY ; echo "" ; cat $CRT) > $NEW