Sep 24, 2019
How to Setup your Own Certificate Authority (CA) using OpenSSL Nov 06, 2017 Displaying a remote SSL certificate details using CLI Print certificate serial number. This script doesn't have a special option to parse out the serial number, so will use the generic --option flag to pass '-serial' through to openssl. ssl-cert-info --host gmail.com --option -serial serial=4BF004B4DDC9C2F8 x.509 - Where is the version number in an x509 version 1
Yes, you can sign you own CSR (Certificate Sign Request) with a given serial number using the OpenSSL "req -x509 -set_serial" command as shown below. Without the "-set_serial" option, the resulting certificate will have random serial number. See the example below:
[SOLVED] Issue with generating certs with openssl Jun 19, 2011 security - How to verify the SSL fingerprint by command
There are 3 ways to supply a serial number to the "openssl x509 -req" command: Create a text file named as "herong.srl" and put a number in the file. Use the "-set_serial n" option to specify a number each time. Use the "-CAcreateserial -CAserial herong.seq" option to let "OpenSSL" to create and manage the serial number.
This file consist of one line containing an even number of hex digits with the serial number to use. After each use the serial number is incremented and written out to the file again. The default file name consists of the CA certificate file base name with .srl appended. How to use openssl for generating ssl certificates private Oct 18, 2019 How to setup your own CA with OpenSSL · GitHub Each issued certificate must contain a unique serial number assigned by the CA. It must be unique for each certificate given by a given CA. OpenSSL keeps the used serial numbers on a file, by default it has the same name as the CA certificate file with the extension replace by srl. So a file named ca.srl is created: $ cat ca.srl ED4B4A80662B1B4C