renew-dummy-cert: Fix long serial number renewal problem.

Do not try to increment the serial number; use a long random one instead.
Tomas Mraz 2018-05-04 09:17:27 +02:00
parent 5d5075d4c9
commit 73ef787803


@ -18,16 +18,13 @@ if [ ! -f $PEM ]; then
exit 1 exit 1
fi fi
let -a SERIAL=0x$(openssl x509 -in $PEM -noout -serial | cut -d= -f2)
let SERIAL++
umask 077 umask 077
OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'` OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
openssl rsa -inform pem -in $PEM -out $KEY openssl rsa -inform pem -in $PEM -out $KEY
openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
openssl x509 -req -in $REQ -signkey $KEY -set_serial $SERIAL -days 365 \ openssl x509 -req -in $REQ -signkey $KEY -days 365 \
-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
(cat $KEY ; echo "" ; cat $CRT) > $NEW (cat $KEY ; echo "" ; cat $CRT) > $NEW