Hodie VII Id. Aug. MMVIII est, David Schwartz scripsit:
>
> > I have had a look around and it appears that the serial number
> > for the
> > last certificate created was FF (hex), indicating 256
> > certificates have
> > so far been created. The next number in the serial file is 0100,
> > which
> > would seem the logical next number, however the certificate
> > signing
> > bails out on me.
>
> FF is not a legal certificate number. Certificate numbers must not be
> negative. (0xFF has the sign bit set and hence is negative.)
"Legally" (this term has nothing to do here) a serial number *can* be
negative, if you're looking at the X.509 recommendation. That's surely
not the reason of the problem. Only the RFC (starting with 3280)
states that the serialNumber MUST be a positive integer.
--
Erwann ABALEA <[EMAIL PROTECTED]>
-----
``Do or do not. There is no try."
Yoda
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
