[openssl-users] More on cert serialnumbers

Mark H. Wood mwood at iupui.edu
Fri Aug 18 13:18:55 UTC 2017

On Thu, Aug 17, 2017 at 03:29:56PM +0000, Erwann Abalea via openssl-users wrote:
> The BR are for public CAs, not private CAs; even if some of those requirements are considered « good practice » (the 64 bits out of a CSPRNG is such a req), they cannot be forced on private CAs.
> And unless some or all of the browsers also apply these requirements to private CAs, you’re not forced to follow them all.

How does one mechanically distinguish public vs. private CAs?

Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170818/fdef7b54/attachment.sig>

More information about the openssl-users mailing list