Hodie VII Id. Aug. MMVIII est, David Schwartz scripsit: > > > I have had a look around and it appears that the serial number > > for the > > last certificate created was FF (hex), indicating 256 > > certificates have > > so far been created. The next number in the serial file is 0100, > > which > > would seem the logical next number, however the certificate > > signing > > bails out on me. > > FF is not a legal certificate number. Certificate numbers must not be > negative. (0xFF has the sign bit set and hence is negative.)
"Legally" (this term has nothing to do here) a serial number *can* be negative, if you're looking at the X.509 recommendation. That's surely not the reason of the problem. Only the RFC (starting with 3280) states that the serialNumber MUST be a positive integer. -- Erwann ABALEA <[EMAIL PROTECTED]> ----- ``Do or do not. There is no try." Yoda ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]