 

Is serial number a unique key for X509 certificate?

Is certificate serial number a unique key for X509 certificate? User selects a certificate, and program stores serial number in preferences. Will the following code return the selected certificate?

```csharp
public static X509Certificate2 GetCertificateBySerialNumber(string serialNumber)
{
    X509Certificate2 selectedCertificate = null;
    X509Store store = null;
    try
    {
        // get certificate from the store "My", "CurrentUser"
        store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        X509Certificate2Collection allCertificates = (X509Certificate2Collection)store.Certificates;
        X509Certificate2Collection foundCertificates = (X509Certificate2Collection)allCertificates.Find(X509FindType.FindBySerialNumber, serialNumber, false);

        // select the first certificate in collection
        foreach (X509Certificate2 certificate in foundCertificates)
        {
            selectedCertificate = certificate;
            break;
        }
    }
    finally
    {
        if (store != null)
        {
            store.Close();
        }
    }

    return selectedCertificate;
}
```

UPDATE: I ended up using certificate thumbprint, as suggested by jglouie.

isobretatel asked Feb 01 '12 22:02




1 Answer

No. For example, OpenSSL lets the user set this when they create certificates.

See: http://www.openssl.org/docs/apps/x509.html

-set_serial n specifies the serial number to use. This option can be used with either the -signkey or -CA options. If used in conjunction with the -CA option the serial number file (as specified by the -CAserial or -CAcreateserial options) is not used.

The serial number can be decimal or hex (if preceded by 0x). Negative serial numbers can also be specified but their use is not recommended.

jglouie answered Oct 08 '22 19:10
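
The thumbprint lookup mentioned in the question's update, next to a serial-number lookup that fails loudly instead of returning the first match. This is an added example, not code from the original post or from either poster. The class and method names are assumptions made for illustration; the store, open flags and `validOnly` value mirror the question's code.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

public static class CertificateLookup
{
    // Search CurrentUser\My, the store used in the question. validOnly is false,
    // as in the question, so expired certificates are still returned.
    private static X509Certificate2Collection Find(X509FindType type, string value)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            return store.Certificates.Find(type, value, false);
        }
        finally
        {
            store.Close();
        }
    }

    // Keep only hex digits, so spaces or invisible characters copied along
    // with a stored thumbprint do not make the lookup miss.
    public static string NormalizeThumbprint(string thumbprint)
    {
        return new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
    }

    // The thumbprint is a hash over the whole encoded certificate, not a field its creator picks.
    public static X509Certificate2 GetCertificateByThumbprint(string thumbprint)
    {
        X509Certificate2Collection found =
            Find(X509FindType.FindByThumbprint, NormalizeThumbprint(thumbprint));
        return found.Count > 0 ? found[0] : null;
    }

    // Serial-number lookup that refuses to guess: throws when several
    // certificates in the store share the same serial number.
    public static X509Certificate2 GetSingleBySerialNumber(string serialNumber)
    {
        X509Certificate2Collection found = Find(X509FindType.FindBySerialNumber, serialNumber);
        if (found.Count > 1)
            throw new InvalidOperationException(
                found.Count + " certificates share serial number " + serialNumber);
        return found.Count == 1 ? found[0] : null;
    }
}
```

Store `selectedCertificate.Thumbprint` in preferences when the user picks a certificate, and pass that value to `GetCertificateByThumbprint` on later runs.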