Re: Personal CA: are cert serial numbers critical?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> There’s no such requirement. It MUST be at most 20 octets long.
    >
    >> - Serial numbers contain cryptographically strong random bits, currently at
    >> least 64 random bits, though it is best if the entire serial number looks
    >> random from the outside.  This is not implemented by the openssl ca program.

Edit apps/apps.h to change SERIAL_RAND_BITS and use the –create_serial flag.

I’ll be making a patch to do this more easily for master.

>Use of the commonName attribute has been deprecated long ago.
    
 >   Where is this documented?
   
RFC 2818 in 2000.  See aslo  https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/IGT2fLJrAeo


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux