Currently serial number generation for SSL certificates in the CA is
incremental, with the next value persisted in the
var/openca/crypto/serial file. Microsoft has made recent changes to its
trust certification policy that requires this serial number to be random
instead of incremental. Is there any way to do this in the current
version of OpenCA, or any plans to do this in the near future?
If random serial numbers are introduced, the CA would also need to be
able to deal with collisions in the event a serial number was chosen
that was already in use.
Duane Dinschel
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
