| commit | 2b9639ec1432f18a0e9e5e424810fa329f6ec617 | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Tue, 28 Nov 2017 01:48:33 +0000 (27 17:48 -0800) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Tue, 28 Nov 2017 01:48:33 +0000 (27 17:48 -0800) | ||
| tree | 6a4d1c5e944925dfef78fa1a58d76c9c5c29db49 | treesnapshot (tar.gz zip) |
| parent | f96d4f3101c7d07bb642b644fdf47b74b13f4edc | commitdiff |
CACreateCert: allow use of --randome with non-root certs
There's no reason to disallow use of --random with non-root
certificates. By combining --random with an explicit --dni
"serialNumber=#" any number of unique certificates can readily be
generated of any type from a template that will all end up having
unique subject distinguised names.
It would, of course, also be possible to do this by simply incrementing
a counter and embedding that. But, by using the --random plus --dni
"serialNumber=#" system, multiple discreet systems can be reasonably
assured of generating unique certificate subject distinguished names
from the same template with no mutual coordination required between
them to avoid subject distinguished name collisions.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
There's no reason to disallow use of --random with non-root
certificates. By combining --random with an explicit --dni
"serialNumber=#" any number of unique certificates can readily be
generated of any type from a template that will all end up having
unique subject distinguised names.
It would, of course, also be possible to do this by simply incrementing
a counter and embedding that. But, by using the --random plus --dni
"serialNumber=#" system, multiple discreet systems can be reasonably
assured of generating unique certificate subject distinguished names
from the same template with no mutual coordination required between
them to avoid subject distinguished name collisions.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
| CACreateCert | diffblobblamehistory |