> There’s no such requirement. It MUST be at most 20 octets long.
>
>> - Serial numbers contain cryptographically strong random bits, currently
at
>> least 64 random bits, though it is best if the entire serial number looks
>> random from the outside. This is not implemented by the openssl ca
program.
Edit apps/apps.h to change SERIAL_RAND_BITS and use the –create_serial flag.
I’ll be making a patch to do this more easily for master.
>Use of the commonName attribute has been deprecated long ago.
> Where is this documented?
RFC 2818 in 2000. See aslo
https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/IGT2fLJrAeo
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
