Can create a cert with no serial number?
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Jun 1 03:13:05 UTC 2023
On Wed, May 31, 2023 at 11:05:14PM -0400, Robert Moskowitz wrote:
> So here there is a real risk of serial number duplication, but the
> subjectKey will be different. That is what I am pinning uniqueness on.
If you intend to be able to publish CRLs, then the serial numbers must
be unique.
https://datatracker.ietf.org/doc/html/rfc5280#section-5.1.2.6
CRLs list just the serial numbers of revoked certificates.
--
Viktor.
More information about the openssl-users
mailing list