Reduce chances of issuer and serial number duplication by use of random

initial serial numbers. PR: 842
author: Dr. Stephen Henson <steve@openssl.org> 2004-04-20 12:05:26 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2004-04-20 12:05:26 +0000
commit: 64674bcc8cee73853d00388a5e83cb1b2f38bec1 (patch)
tree: 55da245985e07e8e1c75bf1ae8569012a63cb014 /apps/CA.pl.in
parent: 1dc2d655addc773d6d91ee17a52c14a11d1cb8e1 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 2242f7e03b..b09820755d 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -84,9 +84,6 @@ foreach (@ARGV) {
 		mkdir "${CATOP}/crl", $DIRMODE ;
 		mkdir "${CATOP}/newcerts", $DIRMODE;
 		mkdir "${CATOP}/private", $DIRMODE;
-		open OUT, ">${CATOP}/serial";
-		print OUT "01\n";
-		close OUT;
 		open OUT, ">${CATOP}/index.txt";
 		close OUT;
 	    }
@@ -105,7 +102,8 @@ foreach (@ARGV) {
 		    print "Making CA certificate ...\n";
 		    system ("$REQ -new -keyout " .
 			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
-		    system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . 
+		    system ("$CA -create_serial " .
+			"-out ${CATOP}/$CACERT $CADAYS -batch " . 
 			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
 			"-infiles ${CATOP}/$CAREQ ");
 		    $RET=$?;
author	Dr. Stephen Henson <steve@openssl.org>	2004-04-20 12:05:26 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2004-04-20 12:05:26 +0000
commit	64674bcc8cee73853d00388a5e83cb1b2f38bec1 (patch)
tree	55da245985e07e8e1c75bf1ae8569012a63cb014 /apps/CA.pl.in
parent	1dc2d655addc773d6d91ee17a52c14a11d1cb8e1 (diff)