silverhairbp wrote:
Certificate serial number must be provided by the CA in order to maintain uniqueness to the certificate. Its always strongly recommended that the serieal numbers assigned by the CA are sequential to maintain an easy audit trail, but there has been deviation in that the last few (7 or 8) years.
Actually there is no need for the Serial Number to be sequential... some
CAs prefer to use random SN to keep the number of issued certificates
secret. Well one could always download all of them and count them...
Anyway this is in place in some CAs like Verisign (If I do remember it
correctly). The requirement is to have UNIQUE serial numbers within one
CA.
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 062 Work Phone: +1 (603) 646-9226
--o------------------------------------------------------------------------
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
