I am programming a Certification Authority in Java for a uni class, and now I don't know what the best option is for the serial number of the certificate.
Is there any good reason for choosing one over the other... or none of them?
thanks,
A serial number. This is a unique identifier assigned by the CA which issued the certificate. The serial number is unique within the CA which issued the certificate: no two certificates signed by the same CA certificate have the same serial number.
Certificate serial number requirements: as per RFC 5280 §4.1.2.2, serial numbers MUST be unique, non-negative integers not greater than 20 bytes long, and at least 1 bit must be enabled in the first byte.
I would recommend that you use a random number, but keep a list of those issued serial numbers in a database. This will allow for two things.
Of course, #1 requires that you check against the known list on generation and generate a new random number if a collision occurs, and #2 isn't much of anything in terms of security or validation, but an interesting prospect nevertheless.
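An added example, written for this page in Java (the language the question uses) and not taken from the question or any answer: it implements the random-serial-with-collision-check approach recommended above while enforcing the RFC 5280 constraints quoted earlier (positive, at most 20 octets). The issued-serial database is stood in by an in-memory set; a real CA would replace it with a persistent store.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;

/** Issues random, RFC 5280 compliant certificate serial numbers and rejects collisions. */
public class SerialNumberGenerator {
    private static final int SERIAL_BYTES = 16;  // 128-bit serial, well under the 20-octet limit
    private static final int MAX_ATTEMPTS = 100; // give up rather than loop forever if the store is exhausted
    private final SecureRandom rng = new SecureRandom();
    // Stand-in for the database of already issued serials (constructed for this example).
    private final Set<BigInteger> issued = new HashSet<>();

    /** Draws a fresh serial, retrying when the value has already been issued. */
    public synchronized BigInteger next() {
        byte[] buf = new byte[SERIAL_BYTES];
        for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
            rng.nextBytes(buf);
            buf[0] &= 0x7F;  // clear the sign bit: DER INTEGER must be positive, no leading 0x00 pad needed
            buf[0] |= 0x40;  // keep the leading octet non-zero so the encoded serial is always 16 octets
            BigInteger serial = new BigInteger(1, buf);
            if (!isValid(serial)) {
                continue;    // defensive; the masking above already guarantees validity
            }
            if (issued.add(serial)) {  // add() returns false on a collision, so we draw again
                return serial;
            }
        }
        throw new IllegalStateException("could not find an unused serial number");
    }

    /** RFC 5280 section 4.1.2.2: positive and encodable in at most 20 octets. */
    static boolean isValid(BigInteger serial) {
        return serial.signum() > 0 && serial.toByteArray().length <= 20;
    }

    public static void main(String[] args) {
        SerialNumberGenerator gen = new SerialNumberGenerator();
        BigInteger a = gen.next();
        BigInteger b = gen.next();
        System.out.println("serial 1: " + a.toString(16));
        System.out.println("serial 2: " + b.toString(16));
        System.out.println("distinct: " + !a.equals(b) + ", both valid: " + (isValid(a) && isValid(b)));
    }
}
```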
Technically, a counter from 0 to veryBigNumber is easier to implement than bigRandomNumber, because the serial numbers MUST be different.
However, you might not want to use a simple counter if you care about people knowing how many certificates you have issued.