[openssl-users] Using set_serial to control serial number size directly

Robert Moskowitz rgm at htt-consult.com
Mon Aug 21 14:22:05 UTC 2017

On 08/21/2017 10:03 AM, Salz, Rich wrote:
> If the root is going to be trusted, make its serial number be one. ☺
> Otherwise use eight bytes of random as the serial number, if you follow CABF guidelines.

Kind of where my thinking is going.  But once I make it '1', it might as 
well be 1 byte rand!  :)

Well 1 - 127 random...

But no need to make it 20 octets.  Just leave it at 8.  And yes, I can 
see some jump on the 'save' 7 bytes bandwagon.  Also why I have to work 
out BER to compare that sizing to DER.  Trying to do that today.


More information about the openssl-users mailing list