Dr. Stephen Henson wrote:
> The two would look identical and certificates issued by the two CA could get
> duplicate serial numbers all over the place.
>
> So the default is to do something "safe". If someone knows what they are doing
> they can use different serial numbers and low values if they
On Wed, May 17, 2006, Phil Dibowitz wrote:
> Dr. Stephen Henson wrote:
>
> > The reason for the random nature is so that OpenSSL by default makes it very
> > unlikely to duplicate issuer names and serial numbers, which is a standard
> > violation and can cause peculiar hard to trace errors in
Dr. Stephen Henson wrote:
> On Wed, May 17, 2006, Phil Dibowitz wrote:
>
>>
>> "CA.pl -newca" takes a random 64-bit number for the serial number of the
>> CA, and then auto-increments that for all of the certs it signs.
>>
>> Why random? Why not start at 64-bits of 0s? Is there some benefit here?
On Wed, May 17, 2006, Phil Dibowitz wrote:
>
> "CA.pl -newca" takes a random 64-bit number for the serial number of the
> CA, and then auto-increments that for all of the certs it signs.
>
> Why random? Why not start at 64-bits of 0s? Is there some benefit here?
>
The serial number is an integ
Dr. Stephen Henson wrote:
> On Wed, May 17, 2006, Phil Dibowitz wrote:
>
>>
>> Thanks for the quick reply.
>>
>> Hmm. Then why is it when I create a self-signed CA with openssl I get
>> the former displayed, but when I then sign a cert with that CA, I
>> get the latter? I don't understand why
On Wed, May 17, 2006, Phil Dibowitz wrote:
>
> Thanks for the quick reply.
>
> Hmm. Then why is it when I create a self-signed CA with openssl I get
> the former displayed, but when I then sign a cert with that CA, I
> get the latter? I don't understand why it is using different byte length
Goetz Babin-Ebell wrote:
> Phil Dibowitz wrote:
>
> Hello Phil,
>
>>> In some cases I see serial numbers as octet strings, i.e.:
>>>
>>> Serial Number:
>>> ef:e1:73:da:b3:6a:cf:ad:6b:18:dd:58:7f:6b:49:fe
>>>
>>> And other cases as an integer, i.e.:
>>>
>>> Serial Num
Phil Dibowitz wrote:
Hello Phil,
> In some cases I see serial numbers as octet strings, i.e.:
>
> Serial Number:
> ef:e1:73:da:b3:6a:cf:ad:6b:18:dd:58:7f:6b:49:fe
>
> And other cases as an integer, i.e.:
>
> Serial Nu
In some cases I see serial numbers as octet strings, i.e.:
Serial Number:
ef:e1:73:da:b3:6a:cf:ad:6b:18:dd:58:7f:6b:49:fe
And other cases as an integer, i.e.:
Serial Number: 2 (0x2)
In openssl's case, self-signed certs use an octet-string (though this
seems to not be