Re: [openssl-users] More on cert serialnumbers

Salz, Rich via openssl-users Thu, 17 Aug 2017 07:50:55 -0700

And RFC 5280, which is still the standard, says serial# must be <= 20 bytes.  
Which means, you want to make sure the high bit is off, else the DER encoding 
will make it 21 bytes.


So the new –rand_serial flag I am adding to the CA command will make call 
RAND_bytes to get 18 bytes.


On 8/17/17, 10:45 AM, "Salz, Rich via openssl-users" 
<openssl-users@openssl.org> wrote:

    https://cabforum.org/2016/07/08/ballot-164/
    
    
    -- 
    openssl-users mailing list
    To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
    

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] More on cert serialnumbers

Reply via email to