mirror of
https://github.com/openssl/openssl.git
synced 2024-12-03 05:41:46 +08:00
23f3993127
OpenSSL 1.1.1 introduced a new CSPRNG with an improved seeding mechanism, which makes it dispensable to define a RANDFILE for saving and restoring randomness. This commit removes the RANDFILE declarations from our own configuration files and adds documentation that this option is not needed anymore and retained mainly for compatibility reasons. Fixes #10433 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10436) |
||
|---|---|---|
| .. | ||
| apps | ||
| ca.cnf | ||
| mkcerts.sh | ||
| ocspquery.sh | ||
| ocsprun.sh | ||
| README | ||
There is often a need to generate test certificates automatically using a script. This is often a cause for confusion which can result in incorrect CA certificates, obsolete V1 certificates or duplicate serial numbers. The range of command line options can be daunting for a beginner. The mkcerts.sh script is an example of how to generate certificates automatically using scripts. Example creates a root CA, an intermediate CA signed by the root and several certificates signed by the intermediate CA. The script then creates an empty index.txt file and adds entries for the certificates and generates a CRL. Then one certificate is revoked and a second CRL generated. The script ocsprun.sh runs the test responder on port 8888 covering the client certificates. The script ocspquery.sh queries the status of the certificates using the test responder.