a text file containing the next serial number to use in hex. Mandatory.
This file must be present and contain a valid serial number.
+=item B<crlnumber>
+
+a text file containing the next CRL number to use in hex. The crl number
+will be inserted in the CRLs only if this file exists. If this file is
+present, it must contain a valid CRL number.
+
=item B<x509_extensions>
the same as B<-extensions>.
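Review bot: The added B<crlnumber> item never states whether the option is mandatory or optional, whereas the serial number file description directly above it ends with "Mandatory."; here the reader has to infer it from "only if this file exists". Suggest opening the description with an explicit "Optional." to mirror the item above. The added text also mixes "CRL number" and "The crl number"; use the upper-case form throughout. Finally, the last sentence requires a valid CRL number when the file is present but does not say what the command does if it is not valid; one clause stating the outcome would close that gap.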
and cannot be disabled (this is because the certificate signature cannot
be displayed because the certificate has not been signed at this point).
-For convenience the values B<default_ca> are accepted by both to produce
+For convenience the values B<ca_default> are accepted by both to produce
a reasonable output.
If neither option is present the format used in earlier versions of
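Review bot: In the replaced sentence, "the values B<ca_default> are accepted by both" uses a plural for a single value; "the value B<ca_default> is accepted by both" reads correctly. Because this changes a documented keyword from B<default_ca> to B<ca_default>, the text or the commit message should also say whether the old spelling was a documentation error or is still accepted, so that readers with existing configuration files using it know whether they need to change anything.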
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
- nameopt = default_ca # Subject name display option
- certopt = default_ca # Certificate display option
+ nameopt = ca_default # Subject name display option
+ certopt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
numbers of certificates are present because, as the name implies
the database has to be kept in memory.
-It is not possible to certify two certificates with the same DN: this
-is a side effect of how the text database is indexed and it cannot easily
-be fixed without introducing other problems. Some S/MIME clients can use
-two certificates with the same DN for separate signing and encryption
-keys.
-
The B<ca> command really needs rewriting or the required functionality
exposed at either a command or interface level so a more friendly utility
(perl script or GUI) can handle things properly. The scripts B<CA.sh> and
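Review bot: The deleted paragraph documented a restriction (two certificates with the same DN cannot be certified, as a side effect of how the text database is indexed), and nothing in this hunk says what replaces it. If the restriction has been lifted, the page should say so and name the setting or default that now governs duplicate subjects; if it still applies in some configurations, the paragraph should be reworded rather than removed. The S/MIME case from the removed text (separate signing and encryption keys under one DN) is worth keeping as the motivating example either way.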