[openssl-users] More on cert serialnumbers

Salz, Rich rsalz at akamai.com
Thu Aug 17 14:50:17 UTC 2017

And RFC 5280, which is still the standard, says serial# must be <= 20 bytes.  Which means, you want to make sure the high bit is off, else the DER encoding will make it 21 bytes.

So the new –rand_serial flag I am adding to the CA command will make call RAND_bytes to get 18 bytes.

On 8/17/17, 10:45 AM, "Salz, Rich via openssl-users" <openssl-users at openssl.org> wrote:

    openssl-users mailing list
    To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list