#8 Certificate Dump: Negative Serial Numbers

open
nobody
None
5
2012-03-23
2012-03-23
Anonymous
No

SSL Certificate:
Version: 0
Serial Number: -4294967295
Signature Algorithm: sha1WithRSAEncryption
Issuer: /CN=xxx/O=xxx/ST=California/C=US
Not valid before: Mar 13 18:01:35 2012 GMT
Not valid after: Mar 12 18:01:35 2017 GMT
Subject: /CN=xxx/O=xxx/ST=California/C=US
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
Verify Certificate:
self signed certificate

Discussion


  • Anonymous
    2012-03-23

    A negative serial number might be legal. I can't seem to find where it's expressly prohibited.

    From X.509 (http://www.itu.int/rec/T-REC-X.509):

    CertificateContent ::= SEQUENCE {
    ...
    serialNumber CertificateSerialNumber,
    ...
    }

    CertificateSerialNumber ::= INTEGER

    However, RFC 5280 (http://www.rfc-editor.org/rfc/rfc5280.txt) does require the S/N to be positive:

    4.1.2.2. Serial Number

    The serial number MUST be a positive integer assigned by the CA to
    each certificate. It MUST be unique for each certificate issued by a
    given CA (i.e., the issuer name and serial number identify a unique
    certificate). CAs MUST force the serialNumber to be a non-negative
    integer.
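
An added example, not part of the ticket or of the dumping tool's code: a DER INTEGER is a signed two's-complement value, so a serial whose first content octet has the high bit set decodes as negative. The sketch below decodes a serialNumber TLV and checks it against the RFC 5280 text quoted above. The function names and the sample byte strings are constructed for illustration; `NEGATIVE` is the minimal DER encoding of the value shown in the dump, not bytes taken from the actual certificate.

```python
def parse_der_integer(tlv: bytes) -> bytes:
    """Return the content octets of one DER INTEGER (tag 0x02)."""
    if len(tlv) < 3 or tlv[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length, offset = tlv[1], 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or len(tlv) < 2 + n:
            raise ValueError("bad length field")
        length = int.from_bytes(tlv[2:2 + n], "big")
        offset = 2 + n
    content = tlv[offset:offset + length]
    if length == 0 or len(content) != length or offset + length != len(tlv):
        raise ValueError("empty, truncated, or trailing data")
    return content


def check_serial(tlv: bytes):
    """Decode a serialNumber TLV; return (value, list of findings)."""
    content = parse_der_integer(tlv)
    # X.690: INTEGER content octets are big-endian two's complement.
    value = int.from_bytes(content, "big", signed=True)
    findings = []
    # DER requires the shortest encoding: no redundant 0x00 or 0xFF prefix.
    if len(content) > 1 and (
        (content[0] == 0x00 and content[1] < 0x80)
        or (content[0] == 0xFF and content[1] >= 0x80)
    ):
        findings.append("non-minimal DER encoding")
    if value < 0:
        findings.append("negative serial (RFC 5280 4.1.2.2 requires positive)")
    elif value == 0:
        findings.append("zero serial (RFC 5280 4.1.2.2 requires positive)")
    return value, findings


# Constructed samples (not taken from the certificate in this ticket).
NEGATIVE = bytes.fromhex("0205ff00000001")    # decodes to -4294967295
PADDED = bytes.fromhex("020600ff00000001")    # same octets behind a 0x00 pad
REDUNDANT = bytes.fromhex("02020001")         # value 1 with a needless pad

if __name__ == "__main__":
    for name, tlv in [("NEGATIVE", NEGATIVE), ("PADDED", PADDED),
                      ("REDUNDANT", REDUNDANT)]:
        print(name, check_serial(tlv))
```

The `PADDED` sample shows that the same magnitude octets decode as a positive serial once a leading `00` octet is present.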