Hi, the new version will enable the "random" serial numbers by default. The new feature can be enabled/disabled on the CA by using the following configuration options:
USE_RANDOM_SERIAL "Y"
RANDOM_SERIAL_SIZE 10
As the new version should be ready very soon, I have not planned to release
any patch against the current version :D
Later,
Max
On 02/08/2010 01:53 PM, Dinschel, Duane wrote:
Currently serial number generation for SSL certificates in the CA is incremental, with the next value persisted in the var/openca/crypto/serial file. Microsoft has made recent changes to its trust certification policy that requires this serial number to be random instead of incremental. Is there any way to do this in the current version of OpenCA, or any plans to do this in the near future? If random serial numbers are introduced, the CA would also need to be able to deal with collisions in the event a serial number was chosen that was already in use.
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
