On Sun, Jul 05, 2015, Salz, Rich wrote: > > > > the question: where does the serial number for this certificate come from? > > > is it random by default when nothing is said about it? > > It will be random if (a) the serial file does not exist; and (b) you specify > the -create_serial flag. Otherwise it opens the file, reads the number > (defaulting to zero if not exists) and increments it, updates the file, and > uses that as the new serial number. >
Unless I'm misreading the code an absent serial number file is an error. We don't start with zero any more because this can result in duplicate issuer names and serial numbers which can cause hard to trace problems. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
