It's probably because 'openssl req -x509' was used to create it, without using the -set-serial option.
-Kyle H On Wed, Jun 17, 2009 at 12:00 PM, Satish Chandra Kilaru<iam.kil...@gmail.com> wrote: > Hi Kyle > > Thank you. This was generated using openssl command. Could illegal > serial number be because of a wrong entry in conf file? > > --Satish > > On Wed, Jun 17, 2009 at 2:34 PM, Kyle Hamilton<aerow...@gmail.com> wrote: >> It is basically a human-readable expression of the data that's in the >> certificate. Theoretically, the certificate could be regenerated from >> the data in this expression, but I've never seen an implementation >> that makes it possible. >> >> This certificate is in violation of PKIX because its serial number is >> not a positive integer, by the way. >> >> -Kyle H >> >> On Wed, Jun 17, 2009 at 10:50 AM, Satish Chandra >> Kilaru<iam.kil...@gmail.com> wrote: >>> Hi >>> >>> In the following sample certificate, there is a tun of information >>> before --BEGIN CERTIFICATE--. >>> Who is this for? Is it for a human reader to make sense of who/what >>> this certificate is certifying? If it is for a s/w program that uses >>> certificates, how is this information supposed to be used? >>> >>> Thanks in advance. >>> >>> --Satish >>> >>> Certificate: >>> Data: >>> Version: 3 (0x2) >>> Serial Number: 0 (0x0) >>> Signature Algorithm: sha1WithRSAEncryption >>> Issuer: C=US, ST=NJ, O=CVLT, OU=dev, >>> CN=****/emailaddress=*...@****.com >>> Validity >>> Not Before: May 1 01:07:24 2009 GMT >>> Not After : Apr 30 01:07:24 2012 GMT >>> Subject: C=US, ST=NJ, O=CVLT, OU=dev, >>> CN=****/emailaddress=*...@****.com >>> Subject Public Key Info: >>> Public Key Algorithm: rsaEncryption >>> RSA Public Key: (1024 bit) >>> Modulus (1024 bit): >>> 00:a6:d9:82:67:67:8c:70:c7:4b:5f:d0:e3:24:2d: >>> ee:b3:79:ad:85:73:03:64:f2:64:fc:e6:a4:fd:b8: >>> 43:23:b2:a4:15:31:d5:ed:01:0d:c7:14:8b:a7:c2: >>> e6:b5:3a:8a:df:99:de:b9:ac:d9:6f:c6:6d:91:bd: >>> 43:d5:11:a5:bb:e4:9d:ae:99:a6:53:1f:44:9d:0d: >>> 8e:4d:46:32:9e:0b:a8:ce:37:54:7f:ae:cc:35:3d: >>> b7:6e:64:54:25:9c:63:8c:b2:d8:3a:92:ce:b4:57: >>> ca:08:cb:ef:ca:2c:20:59:79:a7:35:1c:85:ba:32: >>> b3:9f:38:72:37:76:34:e0:05 >>> Exponent: 65537 (0x10001) >>> X509v3 extensions: >>> X509v3 Basic Constraints: >>> CA:FALSE >>> Netscape Comment: >>> OpenSSL Generated Certificate >>> X509v3 Subject Key Identifier: >>> 09:89:A7:7B:66:C3:58:4D:4C:C5:80:C0:42:91:04:D2:67:04:C8:A1 >>> X509v3 Authority Key Identifier: >>> >>> keyid:09:89:A7:7B:66:C3:58:4D:4C:C5:80:C0:42:91:04:D2:67:04:C8:A1 >>> >>> Signature Algorithm: sha1WithRSAEncryption >>> 0f:76:38:a8:d3:e6:a4:59:3f:ad:bd:60:69:c2:20:88:f0:20: >>> 74:ca:55:ae:d3:f0:f7:e9:a6:68:16:7e:b2:b4:e0:c5:45:5b: >>> b4:94:60:a6:83:20:95:4c:72:04:80:93:4a:6b:64:20:ad:74: >>> c4:1d:da:31:fd:37:92:d4:d8:46:a1:95:fc:4c:fc:85:6d:4f: >>> 56:18:0a:46:04:b5:98:5a:e0:64:4c:90:48:ff:9e:c0:92:0e: >>> 0c:c4:ba:85:c9:56:d7:4e:a5:9f:16:e2:76:4c:24:b6:c6:b6: >>> 2c:ef:63:f3:50:3f:90:12:57:8a:af:2f:21:93:e4:c8:aa:e7: >>> ef:a9 >>> -----BEGIN CERTIFICATE----- >>> MIICzTCCAjagAwIBAgIBADANBgkqhkiG9w0BAQUFADBuMQswCQYDVQQGEwJVUzEL >>> MAkGA1UECBMCTkoxDTALBgNVBAoTBENWTFQxDDAKBgNVBAsTA2RldjEPMA0GA1UE >>> AxMGc2F0aXNoMSQwIgYJKoZIhvcNAQkBFhVza2lsYXJ1QGNvbW12YXVsdC5jb20w >>> HhcNMDkwNTAxMDEwNzI0WhcNMTIwNDMwMDEwNzI0WjBuMQswCQYDVQQGEwJVUzEL >>> MAkGA1UECBMCTkoxDTALBgNVBAoTBENWTFQxDDAKBgNVBAsTA2RldjEPMA0GA1UE >>> AxMGc2F0aXNoMSQwIgYJKoZIhvcNAQkBFhVza2lsYXJ1QGNvbW12YXVsdC5jb20w >>> gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKbZgmdnjHDHS1/Q4yQt7rN5rYVz >>> plMfRJ0Njk1GMp4LqM43VH+uzDU9t25kVCWcY4yy2DqSzrRXygjL78osIFl5pzUc >>> hboys584cjd2NOAFAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W >>> HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQJiad7ZsNY >>> TUzFgMBCkQTSZwTIoTAfBgNVHSMEGDAWgBQJiad7ZsNYTUzFgMBCkQTSZwTIoTAN >>> BgkqhkiG9w0BAQUFAAOBgQAPdjio0+akWT+tvWBpwiCI8CB0ylWu0/D36aZoFn6y >>> tODFRVu0lGCmgyCVTHIEgJNKa2QgrXTEHdox/TeS1NhGoZX8TPyFbU9WGApGBLWY >>> WuBkTJBI/57Akg4MxLqFyVbXTqWfFuJ2TCS2xrYs72PzUD+QEleKry8hk+TIqufv >>> qQ== >>> -----END CERTIFICATE----- >>> ______________________________________________________________________ >>> OpenSSL Project http://www.openssl.org >>> User Support Mailing List openssl-us...@openssl.org >>> Automated List Manager majord...@openssl.org >>> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-us...@openssl.org >> Automated List Manager majord...@openssl.org >> > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
