OpenSSL as a CA without touching the certs/crl/index/etc environment

Question

I think I have the right OpenSSL command to sign a certificate but I\'ve gotten stuck and the tutorials I\'ve found use a different argument format (I\'m using OpenSSL 0.9.8o 01

Answer 1

Rather than using the ca option try the x509 option with -req. You would add -CAfile to point to your authority. This will sign your certificate without adding entries to the index. There is more about using x509 as "mini CA" here.

http://www.openssl.org/docs/apps/x509.html#SIGNING_OPTIONS