OpenSSL "ca" - Track CSR Signing History

Q

How to track CSR certificate signing history? I want to know how many CSR I have signed with the OpenSSL "ca" command so far.

✍: FYIcenter.com

A

OpenSSL "ca" command automatically tacks your CSR signing history for you. Each time you sign a CSR and generate a new certificate, it will:

Save a copy of the new certificate to the ".\demoCA\newcerts" directory.
Add an entry in the certificate database file ".\demoCA\index.txt".
Increment the serial number by 1 in the ".\demoCA\serial" file.

The test below shows you how OpenSSL "ca" command manages CSR signing history:

C:\Users\fyicenter>dir /s demoCA
           115 index.txt
            21 index.txt.attr
             0 index.txt.old
<DIR>          newcerts
             5 serial
             5 serial.old

 Directory of .\demoCA\newcer
         3,279 1000.pem

C:\Users\fyicenter>type demoCA\index.txt
V       170831202401Z           1000    unknown /C=US/ST=NY/L=NY/O=FYIcenter.com
   /CN=www.fyicenter.com/emailAddress=joe@fyicenter.com

C:\Users\fyicenter>type demoCA\serial
1001

As you can see from the test, you can count the number of lines in the .\demoCA\index.txt file to know how many CSR you have signed so far.

If the requester of the CSR want to get a copy of his/her certificate, you can lookup the serial number from the .\demoCA\index.txt file by DN fields. Then use the serial number of the file name to get the certificate in the .\demoCA\newcerts directory.

⇒ OpenSSL "ca" Error "failed to update database TXT_DB error number 2"

⇐ OpenSSL "ca" - Sign CSR with CA Certificate

⇑ OpenSSL "ca" Command

⇑⇑ OpenSSL Tutorials

2016-09-13, ∼2549🔥, 0💬

💬 2022-07-26 FYIcenter.com: Thanks for the suggestion!

💬 2022-07-26 flash: in openssl.cfg file give double slash in folder path dir = C:\\OpenSSL-Win64\\bin\\demoCA

💬 2017-02-21 FYIcenter.com: Hi sanakhan, thanks for the suggestion.

(More comments ...)

OpenSSL "ca" - "error while loading serial number"
Why I am getting the "error while loading serial number" error when running OpenSSL "ca" command? If you are running the OpenSSL "ca" command installed with the slproweb binary package for Windows, you may get the "error while loading serial number" error as shown below: C:\Users\fyicenter>\l.. . 2016-09-13, ≈40🔥, 0💬

OpenSSL "ca" Error "unable to open ./demoCA/index.txt"
Why I am getting the "unable to open './demoCA/index.txt'" error when running OpenSSL "ca" command? If you are running the OpenSSL "ca" command installed with the slproweb binary package for Windows, you may get the "unable to open './demoCA/index.txt'" error as shown below: C:\Users\fyicenter&g... 2016-09-18, ≈21🔥, 0💬

OpenSSL "ca" Error "failed to update database TXT_DB error number 2"
Why I am getting the "failed to update database TXT_DB error number 2" error when running OpenSSL "ca" command? If you are using the OpenSSL "ca" command to sign a CSR that has the same DN (Distinguished Name) fields as an old CSR you have signed before, you will get the "failed to update database T... 2016-09-13, ≈15🔥, 0💬

OpenSSL "ca -gencrl" - Generate CRL
How to generate a CRL using the OpenSSL "ca" command? I need to publish the CRL to inform users about certificates I have revoked. If you want to generate a CRL (Certificate Revocation List), you can use the OpenSSL "ca -gencrl" command as shown below: C:\Users\fyicenter>\loc al\OpenSSL-Win32\... 2016-09-10, ≈14🔥, 0💬

OpenSSL "ca" - "error while loading CRL number"
Why I am getting the "error while loading CRL number" error when running OpenSSL "ca -gencrl" command? If you are running the OpenSSL "ca -gencrl" command installed with the slproweb binary package for Windows, you may get the "error while loading CRL number" error as shown below: C:\Users\fyicenter... 2016-09-10, ∼9043🔥, 0💬

OpenSSL "ca -revoke" - Revoke a Certificate
How to revoke a certificate using the OpenSSL "ca" command? The certificate was signed by me with my CA certificate, but now it is no longer needed. If you want revoke a certificate that was signed by you previously, you can use the OpenSSL "ca -revoke" command to revoke it. Actually, the certificat... 2016-09-10, ∼8248🔥, 0💬

OpenSSL "ca" Error "stateOrProvinceName field needed to be the same"
Why I am getting the "The stateOrProvinceName field needed to be the same in the CA certificate (...) and the request (...)" error when running OpenSSL "ca" command? If you are running the OpenSSL "ca" command installed with the slproweb binary package for Windows, you may get the "The stateOrProvin... 2016-09-13, ∼8204🔥, 0💬

OpenSSL "ca" - Sign the CSR Again
How to sign the a CSR again the OpenSSL "ca" command? It was signed for 1 year the first time. But the requester wants the certificate to valid for 3 years. If you sign a CSR incorrectly and want to sign it again with the OpenSSL "ca" command, you need to revoke the certificate, then sign it again c... 2016-09-10, ∼3166🔥, 0💬

OpenSSL "ca" - Sign CSR with CA Certificate
How to sign a CSR with my CA certificate and private key using OpenSSL "ca" command? I think my configuration file has all the settings for the "ca" command. If you have you configuration file ready and all the required directories and files created, you can sign a CSR with your CA certificate and p... 2016-09-13, ∼2935🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.