X.509 Certificate Serial Number

I am programming a Certificate Authority in Java for a uni class; now I do not know which is the best option for the certificate serial number.

  • Simple static counter from 0 to veryBigNumber
  • some huge random number BigInt

Is there a good reason to choose one over the other ... or none of them?

thanks,

+5
6 answers

I would recommend using a random number, but keep a list of these serial numbers in the database. This will do two things.

  • You will never republish the same serial number.
  • You can specify the serial number of the certificate, even if it is remote.

, # 1 , , , № 2 - - , , -.

+2
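
One way to implement the approach in the answer above (a random serial number checked against a stored list of issued serials), as an added example that is not part of the original answer. The class and method names are hypothetical, and the in-memory set stands in for the database table; RFC 5280 requires a positive serial of at most 20 octets, which is why 159 random bits are drawn.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;

// Added example: SerialNumberAllocator and its methods are hypothetical names.
public class SerialNumberAllocator {
    // RFC 5280, section 4.1.2.2: positive integer, at most 20 octets in DER.
    private static final int MAX_OCTETS = 20;
    // 159 random bits always fit in 20 octets with the sign bit clear.
    private static final int RANDOM_BITS = MAX_OCTETS * 8 - 1;

    private final SecureRandom rng = new SecureRandom();
    // Stand-in for the database table of issued serials (assumption);
    // a real CA would use a column with a UNIQUE constraint instead.
    private final Set<BigInteger> issued = new HashSet<>();

    // Returns a fresh, unpredictable serial that this CA has never used.
    public synchronized BigInteger next() {
        while (true) {
            BigInteger candidate = new BigInteger(RANDOM_BITS, rng);
            if (candidate.signum() <= 0) {
                continue; // zero is not a valid serial number
            }
            if (issued.add(candidate)) {
                return candidate; // add() returns false if already issued
            }
        }
    }

    // Lets the CA answer "did we issue this serial?" without the certificate.
    public synchronized boolean wasIssued(BigInteger serial) {
        return issued.contains(serial);
    }

    public static void main(String[] args) {
        SerialNumberAllocator alloc = new SerialNumberAllocator();
        for (int i = 0; i < 3; i++) {
            BigInteger s = alloc.next();
            System.out.printf("serial=%s octets=%d issued=%b%n",
                    s.toString(16), s.toByteArray().length, alloc.wasIssued(s));
        }
    }
}
```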

0 veryBigNumber , bigRandomNumber - .

- , , , .

+2

, . , , , .

, , . , ( ) , , .

+2

, (Issuer distinguished name, serial number) . , , . 20- . , , , .

SSL- (Alex Sotirov et al.), MD5, . . , - , , MD5. MD5.

+1

, Serial, .... , , ..

0

I came across this question by accident, and from the answers you might think that a predictable serial number is not a security issue. I would say that this is a problem and that random serial numbers are much safer. Cf. the Flame attack et al. here or here, or the Wikipedia article "Predictable serial number attack".

0