Re: Can create a cert with no serial number?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: openssl-users@xxxxxxxxxxx
Subject: Re: Can create a cert with no serial number?
From: Viktor Dukhovni <openssl-users@xxxxxxxxxxxx>
Date: Wed, 31 May 2023 23:13:05 -0400
In-reply-to: <02451027-9624-0064-7033-764ffb38214e@htt-consult.com>
References: <528f1f81-391c-ff39-962e-e1be1b3196ab@htt-consult.com> <E2F07BF6-3034-4E10-82A2-BE6A6B5BF606@f-us.de> <2204bd35-bb42-e2bd-070b-1a14c0137e10@htt-consult.com> <87wn0oz9mg.wl-richard@levitte.org> <4b52cd27-3040-047f-6a33-8faebc78e3ac@htt-consult.com> <DM6PR14MB21861225F5621E65D5E44A2392489@DM6PR14MB2186.namprd14.prod.outlook.com> <725ff34e-3b54-5673-5a0c-b8c7a8f6dcf6@htt-consult.com> <ZHf6pD9Hza1t_wlm@straasha.imrryr.org> <02451027-9624-0064-7033-764ffb38214e@htt-consult.com>
Reply-to: openssl-users@xxxxxxxxxxx

On Wed, May 31, 2023 at 11:05:14PM -0400, Robert Moskowitz wrote:

> So here there is a real risk of serial number duplication, but the 
> subjectKey will be different.  That is what I am pinning uniqueness on.  

If you intend to be able to publish CRLs, then the serial numbers must
be unique.

    https://datatracker.ietf.org/doc/html/rfc5280#section-5.1.2.6

CRLs list just the serial numbers of revoked certificates.

-- 
    Viktor.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

References:
- Can create a cert with no serial number?
  - From: Robert Moskowitz
- Re: Can create a cert with no serial number?
  - From: Robert Moskowitz
- Re: Can create a cert with no serial number?
  - From: Richard Levitte
- Re: Can create a cert with no serial number?
  - From: Robert Moskowitz
- RE: Can create a cert with no serial number?
  - From: Corey Bonnell via openssl-users
- Re: Can create a cert with no serial number?
  - From: Robert Moskowitz
- Re: Can create a cert with no serial number?
  - From: Viktor Dukhovni
- Re: Can create a cert with no serial number?
  - From: Robert Moskowitz

Prev by Date: Re: Can create a cert with no serial number?
Next by Date: Re: Can create a cert with no serial number?
Previous by thread: Re: Can create a cert with no serial number?
Next by thread: Re: Can create a cert with no serial number?
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]