Certificate serialnumber?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jul 05, 2015, Salz, Rich wrote:

> 
> > > the question: where does the serial number for this certificate come from?
> > > is it random by default when nothing is said about it?
> 
> It will be random if (a) the serial file does not exist; and (b) you specify the -create_serial flag.  Otherwise it opens the file, reads the number (defaulting to zero if not exists) and increments it, updates the file, and uses that as the new serial number.
> 

Unless I'm misreading the code an absent serial number file is an error.

We don't start with zero any more because this can result in duplicate issuer
names and serial numbers which can cause hard to trace problems.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux