[openssl-users] Certificate serialnumber?

Dr. Stephen Henson steve at openssl.org
Sun Jul 5 18:56:08 UTC 2015


On Sun, Jul 05, 2015, Salz, Rich wrote:

> 
> > > the question: where does the serial number for this certificate come from?
> > > is it random by default when nothing is said about it?
> 
> It will be random if (a) the serial file does not exist; and (b) you specify the -create_serial flag.  Otherwise it opens the file, reads the number (defaulting to zero if not exists) and increments it, updates the file, and uses that as the new serial number.
> 

Unless I'm misreading the code an absent serial number file is an error.

We don't start with zero any more because this can result in duplicate issuer
names and serial numbers which can cause hard to trace problems.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
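
The duplicate issuer name and serial number condition mentioned in the reply above can be checked for across a set of DER certificates. This is an added example, not part of the original message and not OpenSSL code; the function names and the constructed sample skeletons are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_serial(cert):
    """Return (issuer Name as raw DER, serial number) for a DER certificate."""
    _, pos, _ = read_tlv(cert, 0)           # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(cert, pos)         # TBSCertificate ::= SEQUENCE
    tag, start, end = read_tlv(cert, pos)
    if tag == 0xA0:                         # optional [0] EXPLICIT version
        tag, start, end = read_tlv(cert, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    serial = int.from_bytes(cert[start:end], "big", signed=True)
    _, _, issuer_pos = read_tlv(cert, end)  # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(cert, issuer_pos)
    return cert[issuer_pos:issuer_end], serial

def duplicate_serials(certs):
    """Map (issuer, serial) -> SHA-256 digests when distinct certs share the pair."""
    seen = defaultdict(set)
    for cert in certs:
        seen[issuer_and_serial(cert)].add(hashlib.sha256(cert).hexdigest())
    return {key: sorted(v) for key, v in seen.items() if len(v) > 1}

# Constructed sample input: minimal DER skeletons (no validity, key or signature),
# just enough structure to carry issuer, serial and subject. Not real certificates.
def der(tag, body):
    assert len(body) < 128                  # short-form length is enough for the samples
    return bytes([tag, len(body)]) + body
def name(cn):                               # Name with a single commonName (OID 2.5.4.3)
    atv = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, atv))
def sample_cert(issuer_cn, serial, subject_cn):
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + name(issuer_cn) + name(subject_cn))
    return der(0x30, tbs)
SAMPLES = [sample_cert("Test CA", 0, "host-a"), sample_cert("Test CA", 0, "host-b"),
           sample_cert("Test CA", 1, "host-c"), sample_cert("Other CA", 0, "host-d")]
```

The issuer is compared as raw DER bytes, so two Names that differ only in string encoding are treated as different issuers; the same certificate seen twice is not reported.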