From e48407504691024db165760dfe11fa887e160d12 Mon Sep 17 00:00:00 2001
From: Keith Irwin
Date: Mon, 1 Jan 2024 11:00:12 -0700
Subject: [PATCH] fix: :bug: Use random CA serial numbers

man openssl-x509: If the -CA option is specified and neither <-CAserial> or <-CAcreateserial> is given and the default serial number file does not exist, a random number is generated; this is the recommended practice.
---
 back/lib/ssl_peer_add | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/back/lib/ssl_peer_add b/back/lib/ssl_peer_add
index b1b3b01..ac6f3d0 100755
--- a/back/lib/ssl_peer_add
+++ b/back/lib/ssl_peer_add
@@ -54,7 +54,7 @@ if ! sudo /usr/bin/openssl req -new -sha384 -reqexts SAN -extensions SAN \
 fi
 # Generate cert
-if ! sudo /usr/bin/openssl x509 -req -sha384 -extensions SAN -CAserial \
+if ! sudo /usr/bin/openssl x509 -req -sha384 -extensions SAN \
 -extfile "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
 -in "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
 -CA "${SSL_CA_CERT}" -CAkey "${SSL_CA_KEY}" \
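Review bot: The random serial that the new `openssl x509 -req` line relies on is conditional, and nothing in the script records or enforces that condition. Per the man page text quoted in the commit message, openssl generates a random number only when the default serial number file does not exist, so a leftover `.srl` file next to `${SSL_CA_CERT}` would presumably still be picked up and incremented instead. I would document this under `# Generate cert`, e.g. `# No -CAserial/-CAcreateserial on purpose: openssl picks a random serial only while no default .srl file exists for ${SSL_CA_CERT}`, and check the CA directory for such a file on existing deployments. The command continues past the end of the hunk, so I cannot see whether a later line passes another serial-related option.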