renew-dummy-cert: Fix long serial number renewal problem.
Do not try to increment the serial number, use long random one instead.
This commit is contained in:
parent
5d5075d4c9
commit
73ef787803
@ -18,16 +18,13 @@ if [ ! -f $PEM ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
let -a SERIAL=0x$(openssl x509 -in $PEM -noout -serial | cut -d= -f2)
|
|
||||||
let SERIAL++
|
|
||||||
|
|
||||||
umask 077
|
umask 077
|
||||||
|
|
||||||
OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
|
OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
|
||||||
|
|
||||||
openssl rsa -inform pem -in $PEM -out $KEY
|
openssl rsa -inform pem -in $PEM -out $KEY
|
||||||
openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
|
openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
|
||||||
openssl x509 -req -in $REQ -signkey $KEY -set_serial $SERIAL -days 365 \
|
openssl x509 -req -in $REQ -signkey $KEY -days 365 \
|
||||||
-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
|
-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
|
||||||
|
|
||||||
(cat $KEY ; echo "" ; cat $CRT) > $NEW
|
(cat $KEY ; echo "" ; cat $CRT) > $NEW
|
||||||
|
Loading…
Reference in New Issue
Block a user