Project

General

Profile

Actions

Feature #9883

closed

Allow CAs to use randomized serials when signing

Added by Jim Pingle almost 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
11/04/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Various guidelines suggest using randomized serial numbers when signing certificates, rather than using sequential numbers.

Add an option to CA entries (off by default) which will allow them to generate random serial numbers when signing for extra security.

The generated numbers must be tested against all known serials for a given CA to avoid accidentally duplicating a serial.

Actions #1

Updated by Jim Pingle almost 2 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Viktor Gurov almost 2 years ago

tested on pfSense 2.5.0.a.20191126.1832

it successfully creates random serials when creating certificates or signing CSR

Resolved

Actions #3

Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF