[openssl-users] More on cert serialnumbers
rsalz at akamai.com
Thu Aug 17 14:50:17 UTC 2017
And RFC 5280, which is still the standard, says serial# must be <= 20 bytes. Which means, you want to make sure the high bit is off, else the DER encoding will make it 21 bytes.
So the new –rand_serial flag I am adding to the CA command will make call RAND_bytes to get 18 bytes.
On 8/17/17, 10:45 AM, "Salz, Rich via openssl-users" <openssl-users at openssl.org> wrote:
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users