Issuer DN and serial number are unique. In practice you'll need to consider whether you'll be dealing with anyone other than competent CAs (organizations and individuals). "openssl ca" is great but it's trivial to produce multiple certs with the same issuer DN and serial number.
Bear Phil Dibowitz wrote: > We'd like to tie all of our certificates to a unique identifier in a > DB... is there an attribute out there, perhaps in the PKIX extensions or > x509v3 extensions or somewhere else that would be a reasonable place for > this? > > Thanks, ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
