Have I understood correctly that when CSR is signed with openssl x509 tool, a CA database index file is not updating ? As opposite, when signing with openssl ca tool, then index file is updating.
Asked
Active
Viewed 3,688 times
1 Answers
2
This is correct. openssl x509
is only a tool to manipulate and create certificates, but it is not a standalone CA and does not keep any status. Whereas openssl ca
is described in the documentation as:
The ca command is a minimal CA application. It can be used to sign certificate requests in a variety of forms and generate CRLs it also maintains a text database of issued certificates and their status.
This text database includes the index file you refer too.
![](../../users/profiles/37315.webp)
Steffen Ullrich
- 184,332
- 29
- 363
- 424
-
Also, in the [CA Database documentation](http://pki-tutorial.readthedocs.io/en/latest/cadb.html), it states that "the `openssl ca` command uses this file as certificate database." – Sjoerd May 03 '17 at 06:49