Today, 11 January 2011, Peter Sylvester wrote:
> by using the command x509 and not ca for example.
> you can use a serial number based on a date
> (seconds plus processid for example) to guarantee
> uniqueness.

More on this. A serial number MUST be unique (by X.509 design), and
SHOULD be random (best practices, to avoid attacks with non
collision-resistant hash functions).

In order to be referenced by browser vendors (Opera comes to mind, and
I think Mozilla will require this), the serial number MUST be random
(or at least *appear* random from the outside).

-- 
Erwann ABALEA <erwann.aba...@keynectis.com>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
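
An added example, not part of the original message or of OpenSSL: shell helpers that draw a random, positive serial for `openssl x509 -set_serial` and enforce uniqueness against a local list of issued serials. The function names and the `issued-serials.txt` file are assumptions; the date-plus-pid variant from the quoted suggestion is included only for contrast.

```shell
#!/bin/sh
# Added example: serial numbers for `openssl x509 -set_serial`.

# Scheme from the quoted suggestion: epoch seconds followed by the process id.
# Unique on one host in practice, but predictable from the issuance time.
predictable_serial() {
    printf '%s%05d\n' "$(date +%s)" "$$"
}

# 16 bytes from the kernel CSPRNG, printed as 32 hex digits.
# The top bit is cleared so the DER INTEGER is positive and fits in
# 16 octets (RFC 5280 allows at most 20).
random_serial() {
    hex=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    first=$(printf '%s' "$hex" | cut -c1-2)
    rest=$(printf '%s' "$hex" | cut -c3-)
    printf '%02x%s\n' "$(( 0x$first & 0x7f ))" "$rest"
}

# Draw a random serial, record it in the issued-serials file "$1" and
# print it. A collision is retried, so uniqueness (the MUST) is enforced
# rather than assumed. Assumes a single issuing process: no file locking.
new_serial() {
    db=$1
    touch "$db"
    while :; do
        s=$(random_serial)
        if ! grep -qx "$s" "$db"; then
            printf '%s\n' "$s" >> "$db"
            printf '%s\n' "$s"
            return 0
        fi
    done
}

# Usage with the x509 command (all file names are placeholders):
#   openssl x509 -req -in req.pem -CA ca.pem -CAkey ca.key \
#       -set_serial "0x$(new_serial issued-serials.txt)" -out cert.pem
```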
