[openssl-users] Personal CA: are cert serial numbers critical?
Robert Moskowitz
rgm at htt-consult.com
Wed Aug 16 16:52:16 UTC 2017
On 08/16/2017 10:51 AM, Jakob Bohm wrote:
> On 16/08/2017 16:32, Tom Browder wrote:
>> On Wed, Aug 16, 2017 at 08:36 Salz, Rich via openssl-users
>> <openssl-users at openssl.org> wrote:
>>
>> ➢ So, in summary, do I need to ensure cert serial numbers are
>> unique for my CA?
>>
>> Why would you not? The specifications require it, but those
>> specifications are for interoperability. If nobody is ever going
>> to see your certs, then who cares what’s in them?
>>
>>
>> Well, I do like to abide by specs, and they will be used in various
>> browsers, so I think I will continue the unique serial numbering.
>>
>> Thanks, Rich.
>
> Modern browsers increasingly presume that such private CAs behave exactly
> like the public CAs regulated through the CA/Browsers Forum (CAB/F) and
> the per-browser root CA inclusion programs (the administrative processes
> that determine which CAs are listed in browsers by default).
>
> Among the relevant requirements now needed:
>
> - Serial numbers are *exactly* 20 bytes (153 to 159 bits) both as standalone
>   numbers and as DER-encoded numbers. Note that this is not the default in
>   the openssl ca program.
>
> - Serial numbers contain cryptographically strong random bits, currently at
>   least 64 random bits, though it is best if the entire serial number looks
>   random from the outside. This is not implemented by the openssl ca
>   program.
>
> - Certificates are valid for at most 2 years (actually 825 days).
>
> - SHA-1 (and other weak algorithms such as MD5) are no longer permitted and
>   are already disappearing from browser code.
>
> - RSA shorter than 2048 bits (and other weak settings such as equally short
>   DSA keys) are no longer permitted and are already disappearing from browser
>   code.
How universal is ECDSA p-256 support?
>
> - If the certificate is issued to an e-mail address, that e-mail address must
>   also be listed as an rfc822Name in a "Subject Alternative Name" certificate
>   extension.
Which is also a problem in openssl. You have to put the SAN into the
cnf file. There are a number of hacks to do this from the command line.
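
Added example, not part of the original message and not OpenSSL code: a Python sketch of the serial-number constraints listed in the quoted message (exactly 20 bytes both as a number and as DER content, random, unique per CA). The function names and the in-memory `issued` set are hypothetical; a real CA would keep its issued serials in its own database.

```python
import secrets

SERIAL_LEN = 20  # bytes, the size quoted in the message above


def new_serial() -> int:
    """Random positive serial, exactly 20 bytes as a number and as DER content."""
    raw = bytearray(secrets.token_bytes(SERIAL_LEN))
    raw[0] &= 0x7F                  # top bit clear: DER adds no 0x00 pad byte
    while raw[0] == 0:              # top byte zero would make the number shorter
        raw[0] = secrets.randbits(7)
    return int.from_bytes(raw, "big")


def der_integer(n: int) -> bytes:
    """Minimal DER encoding of a non-negative INTEGER (tag 0x02)."""
    if n < 0:
        raise ValueError("serial numbers must not be negative")
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")   # room for the sign bit
    if len(body) < 0x80:
        length = bytes([len(body)])                     # short-form length
    else:
        size = (len(body).bit_length() + 7) // 8
        length = bytes([0x80 | size]) + len(body).to_bytes(size, "big")
    return b"\x02" + length + body


def check_serial(n: int) -> bool:
    """True if n occupies 20 bytes both standalone and as DER content."""
    as_number = (n.bit_length() + 7) // 8
    as_der_content = n.bit_length() // 8 + 1
    return n > 0 and as_number == SERIAL_LEN and as_der_content == SERIAL_LEN


def issue_serial(issued: set) -> str:
    """Draw a serial not used before by this CA; return it as 40 hex digits."""
    while True:
        n = new_serial()
        if n not in issued:         # uniqueness is checked, not assumed
            issued.add(n)
            return format(n, "040X")


if __name__ == "__main__":
    used = set()                    # constructed stand-in for the CA's issued-serial record
    s = issue_serial(used)
    print(s, der_integer(int(s, 16)).hex())
```

Clearing the top bit and rejecting a zero top byte is what yields the 153 to 159 bit range: a 160-bit value would need a leading 0x00 in DER (21 bytes), and a value of 152 bits or fewer is shorter than 20 bytes as a number.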