Merge pull request #87 from ValdikSS/gen-serial

Generate random serial number for all certificates
2016-02-29 14:04:14 -06:00 · 2016-02-29 14:04:14 -06:00 · f174800136
commit f174800136
parent 3ec4f245dd d309c6aaa2
1 changed files with 11 additions and 0 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -652,6 +652,17 @@ Certificate created at: $crt_out
 build_full() {
 	verify_ca_init

+	local i= serial= check_serial=
+	for i in 1 2 3 4 5; do
+		"$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
+		serial="$(cat "$EASYRSA_PKI/serial")"
+		check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
+		case "$check_serial" in
+			*"not present in db"*) break ;;
+			*) continue ;;
+		esac
+	done
+
 	# pull filename base:
 	[ -n "$2" ] || die "\
 Error: didn't find a file base name as the first argument.