Project

General

Profile

Actions
Copy link

Feature #9883

closed

Allow CAs to use randomized serials when signing

Added by Jim Pingle about 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
Certificates
Target version:
2.5.0
Start date:
11/04/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Various guidelines suggest using randomized serial numbers when signing certificates, rather than using sequential numbers.

Add an option to CA entries (off by default) which will allow them to generate random serial numbers when signing for extra security.

The generated numbers must be tested against all known serials for a given CA to avoid accidentally duplicating a serial.

Actions
Copy link
 #1

Updated by Jim Pingle about 5 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #2

Updated by Viktor Gurov about 5 years ago

tested on pfSense 2.5.0.a.20191126.1832

it successfully creates random serials when creating certificates or signing CSR

Resolved

Actions
Copy link
 #3

Updated by Jim Pingle about 5 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF