Created
June 8, 2016 00:05
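// generateCertificateSerialNumber returns a random, strictly positive X.509
// certificate serial number whose encoding fits in 20 octets. It returns an
// error if the random source fails, returns fewer bytes than requested, or
// yields a value of zero.
//
// RFC 5280 4.1.2.2. Serial Number
// The serial number MUST be a positive integer assigned by the CA to
// each certificate. It MUST be unique for each certificate issued by a
// given CA (i.e., the issuer name and serial number identify a unique
// certificate). CAs MUST force the serialNumber to be a non-negative
// integer.
//
// Given the uniqueness requirements above, serial numbers can be
// expected to contain long integers. Certificate users MUST be able to
// handle serialNumber values up to 20 octets. Conforming CAs MUST NOT
// use serialNumber values longer than 20 octets.
//
// NOTE(review): the import block is not visible here. rand must be
// crypto/rand; math/rand exposes a Read with the same signature and would
// compile unchanged while producing predictable serial numbers.
//
// Uniqueness is probabilistic only: this function keeps no record of the
// serial numbers it has already handed out.
func generateCertificateSerialNumber() (*big.Int, error) {
	serialBytes := make([]byte, 20)

	n, err := rand.Read(serialBytes)
	if err != nil {
		return nil, fmt.Errorf("could not generate random serial number: %v", err)
	}
	if n != len(serialBytes) {
		// Report a short read on its own rather than formatting a nil error.
		return nil, fmt.Errorf("could not generate random serial number: short read (%d of %d bytes)", n, len(serialBytes))
	}

	// big.Int.SetBytes treats the input as unsigned, so the mask is about the
	// DER encoding: with the top bit clear the value has at most 159 bits and
	// the INTEGER never needs a leading 0x00 pad that would make it 21 octets.
	serialBytes[0] &= 0x7F

	serial := new(big.Int).SetBytes(serialBytes)
	if serial.Sign() == 0 {
		// RFC 5280 requires a positive serial. A zero here is far more likely
		// to mean a broken random source than chance, so fail instead of
		// retrying.
		return nil, fmt.Errorf("could not generate random serial number: generated value is zero")
	}
	return serial, nil
}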