Michael,
OpenSSL ist working correct because "9a 38 74 00 00 00 00
25 be" is a negative integer. If you preceedyour serial number with "00"
everything will work fine... even the presentation of your number
with OpenSSL.
Best regards
Thomas
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bohn, Michael
Gesendet: Mittwoch, 11. Januar 2006 07:20
An: [email protected]
Betreff: openssl can don' t handle 20 Octes long Serial Numbers RFC 3280Hi all,sorry that I send the same e-mail again but I did't find any answer to my last one.We have the case that openssl can not handle long serial numbers.In ower case we have this Serail Nr. 9a 38 74 00 00 00 00 25 bebut OpenSSL 0.9.7e 25 Oct 2004 print this:openssl x509 -in file -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)65:c7:8b:ff:ff:ff:ff:da:42windows cisco and mozilla can handle this SN without any problems.################ RFC 3280 ############################RFC 3280 Internet X.509 Public Key Infrastructure April 2002
Given the uniqueness requirements above, serial numbers can be
expected to contain long integers. Certificate users MUST be able to
handle serialNumber values up to 20 octets. Conformant CAs MUST NOT
use serialNumber values longer than 20 octets.###############################################################best regardsMichael
