On Sat, Feb 10, 2007 at 02:25:07PM +0400, Arsen Hayrapetyan wrote: > Date: Sat, 10 Feb 2007 14:25:07 +0400 > From: Arsen Hayrapetyan <[EMAIL PROTECTED]> > To: [email protected] > Subject: [Openca-Users] The serial number of CA root certificate > > I have set up CA and Node interfaces on my machine and has initialised > the CA. > The CA root certificate is created normally, but it has a strange serial > number: 2147483647 (0x7FFFFFFF).
:) what OS or linux dist are you using? I've seen this behavior only in Debian and reason for this is a too long serial of the CA certificate. You have two options: fix genCert subroutine in OpenSSL.pm so that "-set_serial" openssl option is used for the CA certificate generation. In this case beware, that general recomendation is that serial numbers should be unique for a PKI system. Or you can use experimental patches named 30_bigint_serial_* from the cvs in the debian/patches directory. Regards, -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
