Re: Can create a cert with no serial number?

RFC 5280, which specifies X.509 certificates, states that the serial number is a MUST field and it must be unique. By limiting it to one byte, the number of certificates should be limited to 256.

As I can't see any significant advantage, I would not risk compatibility problems and just leave it as it is. A cert without a serial number could be at risk of being treated as invalid.

On 31 May 2023 15:41:02 CEST, Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:
>I tried putting in my conf:
>
>serial = none
>
>and that made an error.
>
>Best I have done is a serial of length 1 byte.  But in my work, the subject or SAN provide uniqueness and CRLs will not be used.  So want to see if I can create a cert with NO serial number.
>
>Thanks
>
>
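Added example, not part of the original messages: a strict check of the kind a relying party might run, which walks the DER down to serialNumber and applies the CA-side rules of RFC 5280 section 4.1.2.2 (INTEGER present, positive, at most 20 octets). The function names and the skeleton test data are constructed for illustration; the skeleton is not a complete certificate.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def check_serial(cert_der):
    """Return (ok, reason) for the serialNumber field of a DER certificate."""
    try:
        tag, cert, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
        tag2, tbs, _ = read_tlv(cert, 0)          # TBSCertificate ::= SEQUENCE
        if tag != 0x30 or tag2 != 0x30:
            return False, "not a certificate"
        tag, val, nxt = read_tlv(tbs, 0)
        if tag == 0xA0:                           # optional [0] EXPLICIT version
            tag, val, nxt = read_tlv(tbs, nxt)
    except (IndexError, ValueError):
        return False, "malformed DER"
    if tag != 0x02:                               # field after version must be an INTEGER
        return False, "serialNumber missing"
    if len(val) == 0 or len(val) > 20:
        return False, "serial length out of range"
    if val[0] & 0x80 or int.from_bytes(val, "big") == 0:
        return False, "serial not positive"
    return True, "ok"

# Constructed test data: a TBSCertificate skeleton, not a complete certificate.
def der(tag, body):
    return bytes([tag, len(body)]) + body         # short-form lengths only

def skeleton(serial_tlv):
    version = der(0xA0, der(0x02, b"\x02"))       # v3
    sig_alg = der(0x30, b"")                      # stand-in for the field after the serial
    return der(0x30, der(0x30, version + serial_tlv + sig_alg))

if __name__ == "__main__":
    for name, s in [("1-byte serial", der(0x02, b"\x01")), ("no serial", b""),
                    ("zero", der(0x02, b"\x00")), ("21 octets", der(0x02, b"\x01" * 21))]:
        print(name, check_serial(skeleton(s)))
```

The one-byte serial passes, while the skeleton with the INTEGER left out fails at the structural step, before any uniqueness question arises.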



