> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Mat Arge > Sent: Monday, 28 April, 2014 04:54 > > I agree with Walter, that it is not exactly good practise to have a CA key > lying around on multiple servers. But anyway, if you need to do it you have > to > create the random serial number externally by some script and write it into > the serial file (as set in the openssl configuration file used) prior to > issuing the "openssl ca" command.
Or use something like Victor's script, rather than using the serial file. > As a workaround if you do not want do do this, you could set different serial > number ranges on the various servers. Server1 starts at serial 1, Server2 at > 0x010000 and so on. Depending on how large you want your serial numbers to get[1], and how many certificates you expect each node to sign, you could do something like using part or all of the MAC address of the host's first (non-loopback) NIC to define the range. That would avoid manually assigning ranges. > You'd still have incrementally growing serial numbers > (which is actually bad by itself) but from distinct ranges. As Larry pointed out, there's no reason why you couldn't assign serial numbers pseudorandomly from within the range. You could keep simply keep a file of all the serials that host has assigned and keep generating numbers until you get a new one, or pick a value (pseudo)randomly from the ones that are still available using a shuffling or counting algorithm, or even just use a generator on the range.[2] But in any event, there doesn't seem to be any reason why this couldn't be implemented with a little scripting, and it'd be better than simply picking serial numbers pseudorandomly across all the nodes and hoping the result was collision-free. As for whether it's a good idea - again that depends ENTIRELY on your threat model. So many people seem to believe that their threat model applies universally. [1] openssl x509 -serial_num uses s2i_ASN1_INTEGER to read the serial number specified on the command line, so it supports large values. I assume openssl ca does the same when reading the serial-number file, though I haven't actually checked. [2] Of course, if you used a generator, an attacker who observed a few adjacent serial-number values could determine what parameters you used, and you'd be back to, in effect, incrementing serials. Whether that's a risk depends on your threat model. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com
