Hi, I am trying to create a CA with a serial number of 2 bytes. Then I receive a message that it should be between 4 and 20. I could only find the maximum value in the RFC. Which RFC/standard specifies the minimum value?
Thank you
There is no RFC that specifies the minimum value. Because EJBCA uses random serial numbers (as required by many current standards), it does not make sense to use serial numbers that are too small; the number of certificates possible to issue will be too small.
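As an added illustration of the reply above (not EJBCA's code and not part of the thread), this Python sketch assumes serials are drawn uniformly at random at a fixed octet length and uses the birthday approximation to show how quickly short serials collide. All function names are hypothetical.

```python
import math
import secrets

MAX_OCTETS = 20  # maximum serial length, the RFC limit mentioned in the thread


def serial_space(octets: int) -> int:
    """Count of positive integers whose DER INTEGER content is exactly `octets` bytes."""
    if not 1 <= octets <= MAX_OCTETS:
        raise ValueError("serial length must be 1..20 octets")
    high = 1 << (8 * octets - 1)           # top bit stays 0 so the INTEGER is positive
    low = 1 if octets == 1 else high >> 8  # smaller values would encode in fewer bytes
    return high - low


def random_serial(octets: int) -> int:
    """Uniform random positive serial that encodes to exactly `octets` bytes (assumed model)."""
    high = 1 << (8 * octets - 1)
    return high - 1 - secrets.randbelow(serial_space(octets))


def der_length(value: int) -> int:
    """Content length in bytes of a positive integer as a DER INTEGER."""
    return value.bit_length() // 8 + 1


def collision_probability(octets: int, issued: int) -> float:
    """Birthday approximation: chance that any two of `issued` serials are equal."""
    exponent = issued * (issued - 1) / (2 * serial_space(octets))
    return -math.expm1(-exponent)


def certs_at_risk(octets: int, p: float = 0.5) -> int:
    """Approximate number of certificates at which collision probability reaches p."""
    return int(math.sqrt(2 * serial_space(octets) * math.log(1 / (1 - p))))


if __name__ == "__main__":
    # 2 is the size asked about; 4, 8 and 20 are the sizes named in the thread.
    for n in (2, 4, 8, 20):
        print(f"{n:2d} octets: 50% collision risk near {certs_at_risk(n):.3e} certs, "
              f"P(collision at 1e6 certs) = {collision_probability(n, 10**6):.3e}")
```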
Hi, EJBCA 7.5.01 allows CAs to issue 20-octet serial numbers by default. What is the recommended serial number size? Also, in older versions of EJBCA the default serial number size was 8 octets. On an upgraded EJBCA version, older CAs still have 8 octets as the serial number size. Is there any security risk about that? Only a new CA can by default issue certificates with a 20-octet serial number on an upgraded version of EJBCA.
This is another topic than this thread is about. Please open a new question on the GitHub discussions (as linked from ejbca.org).
https://github.com/Keyfactor/ejbca-ce/discussions