Closed lucasmoten closed 4 years ago
I don't see where `setserial.sh` actually gets run. Does putting it in `SET_SERIAL_RESULT` in that Ruby file cause it to run at a particular point in the certifiable code?
I've never written Ruby before so I had to look it up. I found this question on Stack Overflow:
https://stackoverflow.com/questions/2232/how-to-call-shell-commands-from-ruby
According to that page, the 'value = `command to run`' pattern is valid. I don't know if it will run if the value is not assigned to something. I was able to verify that this works as I generated a certificate with a Serial Number: 38 32 33 31 33 35 34 39
Certs that I now have loaded in my browser
The quickstart cert with 10 02 was forcefully created by running the current certifiable container up in docker.io, with two throwaway users, deleteme0 and deleteme1, to do the offset from 1000.
The other quickstart cert and the Lucas.Moten cert were created as single certs from two different runs minutes apart using the container generated by this PR. Otherwise, they'd have 1000 or 1001 as their serial.
When certifiable.rb starts, it will run a script called setserial.sh which will overwrite the default contents of the serial file in the intermediate ca folder to a value that is based on the current date. This allows for generation of certificate p12 files with serial numbers that are less likely to conflict with serial numbers from prior runs.
Fixes #16
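
The behaviour discussed in this thread, as an added Ruby example that is not code from this PR: a backtick command runs when the expression is evaluated whether or not its result is assigned, and a serial file can be seeded from the current time. The helper names, the timestamp format and the file path are assumptions; the actual `setserial.sh` is not shown on this page.

```ruby
require "shellwords"
require "tmpdir"

# Hypothetical helper, not the PR's setserial.sh: derive a starting serial
# from a UTC timestamp. The OpenSSL CA serial file holds one hex integer and
# needs an even number of hex digits, so pad when the length is odd.
def date_based_serial(now = Time.now.utc)
  hex = now.utc.strftime("%Y%m%d%H%M%S").to_i.to_s(16).upcase
  hex.length.odd? ? "0#{hex}" : hex
end

# Overwrite the serial file (path is an assumption) and return what was written.
def seed_serial_file(path, now = Time.now.utc)
  serial = date_based_serial(now)
  File.write(path, "#{serial}\n")
  serial
end

# Backticks run the command as soon as the expression is evaluated; the
# result does not have to be assigned for the side effect to happen.
def backticks_run_without_assignment?(dir)
  marker = File.join(dir, "ran")
  `touch #{Shellwords.escape(marker)}` # output discarded on purpose
  File.exist?(marker)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    serial_path = File.join(dir, "serial") # constructed stand-in for the CA's serial file
    puts "seeded serial: #{seed_serial_file(serial_path)}"
    puts "command ran unassigned: #{backticks_run_without_assignment?(dir)}"
  end
end
```

With a one-second timestamp as the seed, two runs started within the same second still begin from the same serial, and the value is predictable from the issue time.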