<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
OK. I am looking at absolute certificate DER size and able to
squeeze them into very small packets. The content should not be
used in the apps, but if the libraries blow up without it, that
would not be good.<br>
<br>
<div class="moz-cite-prefix">On 5/31/23 09:50, Frank-Ulrich Sommer
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:E2F07BF6-3034-4E10-82A2-BE6A6B5BF606@f-us.de">
<div dir="auto">RFC5280 which specifies X.509 certificates states
that the serial number is a MUST field and it must be unique. By
limiting it to one byte the number of certificates should be
limited to 256.<br>
<br>
As I can't see any significant advantage I would not risk
compatibility problems and just leave it as it is. A cert
        without serial number could be at risk of being treated as
invalid.</div>
<br>
<br>
<div class="gmail_quote">
        <div dir="auto">On 31 May 2023 15:41:02 CEST, Robert
          Moskowitz <a class="moz-txt-link-rfc2396E" href="mailto:rgm@htt-consult.com">&lt;rgm@htt-consult.com&gt;</a> wrote:</div>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<pre class="k9mail"><div dir="auto">I tried putting in my conf:
serial = none
and that made an error.
Best I have done is a serial of length 1 byte. But in my work, the subject or SAN provide uniqueness and CRLs will not be used. So want to see if I can create a cert with NO serial number.
Thanks
</div></pre>
</blockquote>
</div>
</blockquote>
<br>
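    <div>Added example, not part of the original messages: a minimal Python DER walk that finds the serialNumber field RFC 5280 requires and reports how many encoded octets it occupies (3 for a one-byte serial: tag, length, value). The helper names and the two skeleton inputs are constructed for illustration and are not real certificates.</div>

```python
# Added example (not from the thread): find tbsCertificate.serialNumber in DER.

def read_tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER TLV at offset off."""
    tag, first = buf[off], buf[off + 1]
    if first & 0x80:                       # long form: low 7 bits = length octets
        n = first & 0x7F
        length = int.from_bytes(buf[off + 2:off + 2 + n], "big")
        start = off + 2 + n
    else:                                  # short form: length 0..127
        length, start = first, off + 2
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def serial_field(cert_der):
    """Return (encoded_octets, content) of the serialNumber INTEGER."""
    tag, start, _ = read_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, pos, _ = read_tlv(cert_der, start)        # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, c_start, c_end = read_tlv(cert_der, pos)
    if tag == 0xA0:                                # optional [0] EXPLICIT version
        pos = c_end
        tag, c_start, c_end = read_tlv(cert_der, pos)
    if tag != 0x02:                                # serialNumber must be INTEGER
        raise ValueError("no INTEGER where serialNumber is expected")
    return c_end - pos, cert_der[c_start:c_end]

def rfc5280_issues(content):
    """Check serial content octets against RFC 5280 section 4.1.2.2."""
    issues = []
    if not int.from_bytes(content, "big", signed=True) > 0:
        issues.append("not a positive integer")
    if len(content) > 20:
        issues.append("longer than 20 octets")
    return issues

def tlv(tag, content):
    """Encode a short-form TLV; used only to build the constructed samples."""
    assert 128 > len(content)
    return bytes([tag, len(content)]) + content

# Constructed skeletons (not real certificates): version v3, then the fields.
VERSION = tlv(0xA0, tlv(0x02, b"\x02"))
WITH_SERIAL = tlv(0x30, tlv(0x30, VERSION + tlv(0x02, b"\x01") + tlv(0x30, b"")))
NO_SERIAL = tlv(0x30, tlv(0x30, VERSION + tlv(0x30, b"")))
```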
</body>
</html>