Hello Alexei, >> On Sat, Feb 10, 2007 at 02:25:07PM +0400, Arsen Hayrapetyan wrote: >> >>> Date: Sat, 10 Feb 2007 14:25:07 +0400 >>> From: Arsen Hayrapetyan <[EMAIL PROTECTED]> >>> To: [email protected] >>> Subject: [Openca-Users] The serial number of CA root certificate >>> >>> I have set up CA and Node interfaces on my machine and has initialised >>> the CA. >>> The CA root certificate is created normally, but it has a strange serial >>> number: 2147483647 (0x7FFFFFFF). >>> >> >> :) what OS or linux dist are you using? I've seen this behavior only >> in Debian and reason for this is a too long serial of the CA certificate. >> I am using Scientific Linux CERN (SLC) 4, it is compatible with Red Hat Enterprise Linux (RHEL) 4. The version of OpenSSL I have is 0.9.7e. >> You have two options: fix genCert subroutine in OpenSSL.pm so that >> "-set_serial" openssl option is used for the CA certificate generation. >> I added the following line to genCert subroutine: $command.="-set_serial 0x0"; and issued a new certificate. It didn't help: OpenCA used the value from $OPENCA_DIR/var/crypto/serial (it was 01). Maybe, I am doing something wrong there? >> In this case beware, that general recomendation is that serial numbers >> should be unique for a PKI system. >> Of course. >> Or you can use experimental patches named 30_bigint_serial_* from the cvs >> >> in the debian/patches directory. >> >> >> >> I am afraid, they don't suit my operating system: I don't use Debian.
Best regards, Arsen. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
