diff --git a/tool/cmdline.ggo b/tool/cmdline.ggo index 30dc8c6..a8f618f 100644 --- a/tool/cmdline.ggo +++ b/tool/cmdline.ggo @@ -57,6 +57,7 @@ option "subject" S "The subject to use for certificate request" string optional text " The subject must be written as: /CN=host.example.com/OU=test/O=example.com/\n" +option "serial" - "Serial number of the self-signed certificate" int optional default="1" option "valid-days" - "Time (in days) until the self-signed certificate expires" int optional default="365" option "pin" P "Pin/puk code for verification" string optional option "new-pin" N "New pin/puk code for changing" string optional dependon="pin" diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c index 2e471ec..4917763 100644 --- a/tool/yubico-piv-tool.c +++ b/tool/yubico-piv-tool.c @@ -781,7 +781,7 @@ request_out: static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_format, const char *input_file_name, const char *slot, char *subject, enum enum_hash hash, - const int validDays, const char *output_file_name) { + const int serial, const int validDays, const char *output_file_name) { FILE *input_file = NULL; FILE *output_file = NULL; bool ret = false; @@ -847,7 +847,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo fprintf(stderr, "Failed to set the certificate public key.\n"); goto selfsign_out; } - if(!ASN1_INTEGER_set(X509_get_serialNumber(x509), 1)) { + if(!ASN1_INTEGER_set(X509_get_serialNumber(x509), serial)) { fprintf(stderr, "Failed to set certificate serial.\n"); goto selfsign_out; } @@ -1986,7 +1986,8 @@ int main(int argc, char *argv[]) { case action_arg_selfsignMINUS_certificate: if(selfsign_certificate(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.subject_arg, args_info.hash_arg, - args_info.valid_days_arg, args_info.output_arg) == false) { + args_info.serial_arg, args_info.valid_days_arg, + args_info.output_arg) == false) { ret = EXIT_FAILURE; } else { fprintf(stderr, "Successfully generated a new self signed certificate.\n");