[xmlsec] Problem with some cert which has a negative serial number
Andrew Fan
Xuelei.Fan at Sun.COM
Mon Feb 21 21:44:08 PST 2005
Hi All,
I get negative serial number from openssl like:
$openssl genrsa -des3 -out ca.key 1024
$openssl req -new -key ca.key -config aconfig.conf -out ca.csr
$openssl x509 -req -days 60 -set_serial -0001 -in ca.csr -signkey ca.key
-outform DER -out ca.cert
Hope that helps,
Andrew
Chandler Peng wrote:
> Aleksey ,
>
> Aleksey Sanin wrote:
>
>> I think I have a patch that should fix the problem with negative
>> serial numbers (see attached). I would appreciate if you can try
>> it to make sure that it works for you.
>>
>> Also if you have an example with certificate having negative
>> serial number, I would appreciate if you can share it so I
>> can create a test case.
>
>
> you can get such cert using the tool in SelfCert.zip , see Attachment.
> This tool is derived from MS (version11.0.5510.0)
>
>> I failed to get a negative serial
>> number from openssl :)
>>
> I can get the negative serial number only from this tool.
>
>> Thanks,
>> Aleksey
>
More information about the xmlsec
mailing list