[Openswan Users] Generating X 509 certificate problem on Debian
Sarge OpenSwan 2.1.3-1
Paul Wouters
paul at xelerance.com
Wed Oct 13 17:52:19 CEST 2004
On Mon, 11 Oct 2004 trevor-os at thennion.demon.co.uk wrote:
>> touch index.txt
>> echo "01" > serial
>> mkdir newcerts
>>
>
> Your 'recipe' has a severe limitations!
>
> The lines:
> touch indes.txt
> echo "01" > serial
>
> seem to suggest that it is only intended to create one certificate.
> Even with only one system this becomes a problem if you have to re-issue the
> certificate before it expires.
AFAIK, this is just setting the serial number to 01. It will be increased
when a certificate is generated. It does not limit the number of certificates
you can generate. I use similar code for our wavesec-for-windows code.
Paul
--
"Non cogitamus, ergo nihil sumus"
More information about the Users
mailing list