With OpenSSL 1.x, I used to sign certifications and create ".srl" files with the following command
openssl x509 -in vcom.csr -days 1024 -CAkey ./rootCA.key -CA ./rootCA.pem -force_pubkey vcom_pub.pem -out vcom_cert.pem -CAcreateserial
However, after upgrading to OpenSSL 3.x. the option "-CAcreateserial" failed to create new ".srl" files.
After reviewing the OpenSSL 3.x source code, it seems like the option "-req" generates a random serial number; therefore, the source code related to "-CAcreateserial" is bypassed.
To my understanding, it is very important to record the serial number when signing a certificate, to avoid duplication.
Am I doing something wrong with the command? or have I misunderstood the concept of this ".srl" file?
I've continued to investigate into this problem, and found out, that option "-CAserial" is also ignored. As a result, the ".srl" file is really not requested in the process of signing a public key from a "CSR" file.