fix: 🐛 Use random CA serial numbers
man openssl-x509: If the -CA option is specified and neither <-CAserial> or <-CAcreateserial> is given and the default serial number file does not exist, a random number is generated; this is the recommended practice.master
parent
3922cb225a
commit
e484075046
|
@ -54,7 +54,7 @@ if ! sudo /usr/bin/openssl req -new -sha384 -reqexts SAN -extensions SAN \
|
|||
fi
|
||||
|
||||
# Generate cert
|
||||
if ! sudo /usr/bin/openssl x509 -req -sha384 -extensions SAN -CAserial \
|
||||
if ! sudo /usr/bin/openssl x509 -req -sha384 -extensions SAN \
|
||||
-extfile "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
|
||||
-in "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
|
||||
-CA "${SSL_CA_CERT}" -CAkey "${SSL_CA_KEY}" \
|
||||
|
|
Loading…
Reference in New Issue