[openssl-users] More on cert serialnumbers

Erwann Abalea Erwann.Abalea at docusign.com
Fri Aug 18 13:56:55 UTC 2017

> Le 18 août 2017 à 15:18, Mark H. Wood <mwood at IUPUI.Edu> a écrit :
> On Thu, Aug 17, 2017 at 03:29:56PM +0000, Erwann Abalea via openssl-users wrote:
>> The BR are for public CAs, not private CAs; even if some of those requirements are considered « good practice » (the 64 bits out of a CSPRNG is such a req), they cannot be forced on private CAs.
>> And unless some or all of the browsers also apply these requirements to private CAs, you’re not forced to follow them all.
> How does one mechanically distinguish public vs. private CAs?

OS/Browser-granted or user-granted. Each browser does it differently.

More information about the openssl-users mailing list