Phil Dibowitz wrote:
> Bear Giles wrote:
>
>>Issuer DN and serial number are unique.
>
>
> Yes, but we have a central identity system that uses GUIDs to ...
> everything. We want to do it for certificates as well. We want said GUID
> to be in the certificate.
>
> Serial number is typically used
Bear Giles wrote:
> Issuer DN and serial number are unique.
Yes, but we have a central identity system that uses GUIDs to ...
everything. We want to do it for certificates as well. We want said GUID
to be in the certificate.
Serial number is typically used for renewals, I don't want to step on tha
Issuer DN and serial number are unique. In practice you'll need
to consider whether you'll be dealing with anyone other than
competent CAs (organizations and individuals). "openssl ca" is
great but it's trivial to produce multiple certs with the same
issuer DN and serial number.
Bear
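A check a relying party could run over its certificate store for the case described in the message above, as an added example that is not part of the original thread: it pulls issuer and serial number out of each DER certificate and reports any pair shared by certificates with different fingerprints. The function names and sample data are constructed for illustration, and issuers are compared as raw DER bytes without name normalization.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                       # short-form length
        start, length = off + 2, first
    else:                                  # long-form: low 7 bits count the length bytes
        start = off + 2 + (first & 0x7F)
        length = int.from_bytes(buf[off + 2:start], "big")
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def issuer_and_serial(der):
    """Return (raw DER issuer Name, serial as int) from an X.509 certificate."""
    _, cert_start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, off, _ = read_tlv(der, cert_start)          # tbsCertificate SEQUENCE
    tag, start, end = read_tlv(der, off)
    if tag == 0xA0:                                # optional [0] EXPLICIT version
        tag, start, end = read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    serial = int.from_bytes(der[start:end], "big", signed=True)
    _, _, issuer_off = read_tlv(der, end)          # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(der, issuer_off)   # issuer Name
    return der[issuer_off:issuer_end], serial

def find_collisions(certs):
    """Map (issuer, serial) -> sorted SHA-256 fingerprints where more than one exists."""
    seen = defaultdict(set)
    for der in certs:
        seen[issuer_and_serial(der)].add(hashlib.sha256(der).hexdigest())
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# --- Constructed sample data: unsigned DER skeletons, not real certificates ---
def tlv(tag, content):
    return bytes([tag, len(content)]) + content    # short-form lengths only

def sample_cert(serial, issuer_cn, subject_cn):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30,
        bytes.fromhex("0603550403") + tlv(0x0C, cn.encode()))))
    sig_alg = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))
    tbs = tlv(0x30, bytes.fromhex("a003020102") + tlv(0x02, bytes([serial]))
              + sig_alg + name(issuer_cn) + name(subject_cn))
    return tlv(0x30, tbs)

SAMPLES = [sample_cert(1, "Test CA", "alice"), sample_cert(1, "Test CA", "bob"),
           sample_cert(2, "Test CA", "carol"), sample_cert(1, "Other CA", "dave")]
```

`find_collisions(SAMPLES)` reports one colliding pair: the two "Test CA" certificates that share serial 1.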
Phil Dibow
We'd like to tie all of our certificates to a unique identifier in a
DB... is there an attribute out there, perhaps in the PKIX extensions or
x509v3 extensions or somewhere else that would be a reasonable place for
this?
Thanks,
--
Phil Dibowitz
P: 310-360-2330 C: 213-923-5115
Unix Admin, Ticketm