On 5/31/23 09:50, Frank-Ulrich Sommer wrote:
RFC5280, which specifies X.509 certificates, states that the serial number is a MUST field and it must be unique. By limiting it to one byte the number of certificates should be limited to 256.
As I can't see any significant advantage I would not risk compatibility problems and just leave it as it is. A cert without serial number could be at risk of being treated as invalid.
On 31 May 2023 15:41:02 CEST, Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:
I tried putting in my conf: serial = none and that made an error. Best I have done is a serial of length 1 byte. But in my work, the subject or SAN provide uniqueness and CRLs will not be used. So want to see if I can create a cert with NO serial number. Thanks
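An added example, not part of the thread: a small Python check showing why a certificate without a serial number is rejected by a strict parser. In RFC 5280 the serialNumber is a positional INTEGER in TBSCertificate, right after the optional version. The helper names and the sample byte strings are constructed for illustration and contain only the leading TBSCertificate fields.

```python
def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def check_serial(tbs_der):
    """Return the serial as int, or raise ValueError if it is absent or non-conformant."""
    tag, body, _ = read_tlv(tbs_der, 0)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    tag, value, nxt = read_tlv(body, 0)
    if tag == 0xA0:                         # optional [0] EXPLICIT version
        tag, value, nxt = read_tlv(body, nxt)
    if tag != 0x02:                         # the next field must be the INTEGER serial
        raise ValueError("serialNumber missing: expected INTEGER, got tag 0x%02x" % tag)
    if not 1 <= len(value) <= 20:           # RFC 5280: at most 20 octets
        raise ValueError("serialNumber must be 1..20 octets")
    serial = int.from_bytes(value, "big", signed=True)
    if serial <= 0:                         # RFC 5280: positive integer
        raise ValueError("serialNumber must be a positive integer")
    return serial

def der(tag, content):
    """Encode one DER element (short-form length only; enough for the samples)."""
    assert len(content) < 128
    return bytes([tag, len(content)]) + content

# Constructed sample inputs: version, (serial), signature algorithm only.
VERSION_V3 = der(0xA0, der(0x02, b"\x02"))
SIG_ALG = der(0x30, der(0x06, bytes.fromhex("2a8648ce3d040302")))  # ecdsa-with-SHA256
TBS_ONE_BYTE = der(0x30, VERSION_V3 + der(0x02, b"\x7f") + SIG_ALG)  # 1-byte serial
TBS_NO_SERIAL = der(0x30, VERSION_V3 + SIG_ALG)                      # serial omitted

if __name__ == "__main__":
    print(check_serial(TBS_ONE_BYTE))
    try:
        check_serial(TBS_NO_SERIAL)
    except ValueError as exc:
        print("rejected:", exc)
```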