What's the impact of a simple certificate serial number?

As a result of following internet guides slightly too closely, my company's internal PKI now has an intermediate certificate with the serial number "10 00".

Compared to other certificates, where the serial number is a fairly lengthy hex value, I'm left wondering whether I've created a sub-par cert.

Our Root CA is a simple offline Debian server, which produced the root certificate with OpenSSL. I then created an intermediate certificate authority (Windows Server 2012R2 bound to Active Directory), and created a CSR from that. Creating the certificate on the Root CA then produced this "10 00" certificate, which is now distributed throughout Active Directory.

As this certificate belongs to the Issuing CA, the serial numbers of the certificates it produces are unpredictable. It's also the only certificate from the Root CA that will have such a droll serial number; any subsequent certificates signed by our Root will have lengthier serial numbers.

Have I introduced any vulnerabilities or insufficiencies into our PKI with this serial number? Is it worth the time to pull it out of the AD infrastructure and start over?

EDIT: The certificates in question are RSA-4096, using SHA256.

Reply

The primary risk to your organization is that of someone else getting tasked with creating an intermediate certificate, googling for and following the exact same internet guides you found, and thus producing another certificate with the exact same serial number. This could eventually cause problems with a certificate management database, where the certificate serial number might be an indexed field that must be kept unique.

Security-wise, the certificate (and your organization's PKI security) is protected 100% by your root CA's signature. The value of the serial number has nothing to do with the protection offered by the encryption. An attacker will not be able to tamper with it or offer a substitute just because it has a low or known serial number.

Category: certificates Time: 2016-07-28 Views: 1
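The duplicate-serial risk described in the reply can be checked mechanically. The following is an added example, not part of the original question or reply: it assumes the Root CA is operated with `openssl ca` and keeps the usual tab-separated `index.txt` database, and the sample entries, subject names and the 64-bit threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the layout of an `openssl ca` index.txt (assumed setup):
# status, expiry, revocation date, serial (hex), filename, subject DN.
SAMPLE_INDEX = (
    "V\t260728120000Z\t\t1000\tunknown\t/CN=Example Issuing CA 1\n"
    "V\t260901120000Z\t\t1000\tunknown\t/CN=Example Issuing CA 2\n"
    "R\t250101120000Z\t160801120000Z\t4F2A9C01D3B7E6581A0C\tunknown\t/CN=Example Old CA\n"
    "V\t270101120000Z\t\t9B19E4C2A05D8F36\tunknown\t/CN=Example Issuing CA 3\n"
)

MIN_BITS = 64  # threshold chosen for this example, not taken from the page


def parse_index(text):
    """Parse index.txt lines into dicts with status, integer serial and subject."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 tab-separated fields")
        status, _expiry, _revoked, serial_hex, _fname, subject = fields
        entries.append(
            {"status": status, "serial": int(serial_hex, 16), "subject": subject}
        )
    return entries


def audit_serials(entries, min_bits=MIN_BITS):
    """Return (duplicates, short): serials issued more than once by this CA,
    and serials shorter than min_bits (sequential counters such as 0x1000)."""
    by_serial = defaultdict(list)
    for entry in entries:
        by_serial[entry["serial"]].append(entry["subject"])
    duplicates = {s: subs for s, subs in by_serial.items() if len(subs) > 1}
    short = sorted(s for s in by_serial if s.bit_length() < min_bits)
    return duplicates, short


if __name__ == "__main__":
    dups, short = audit_serials(parse_index(SAMPLE_INDEX))
    for serial, subjects in dups.items():
        print(f"duplicate serial {serial:X}: {', '.join(subjects)}")
    for serial in short:
        print(f"short serial {serial:X} ({serial.bit_length()} bits)")
```

Revoked entries are counted as well, because a certificate database keyed on issuer and serial number sees them too.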


Copyright (C) avrocks.com, All Rights Reserved.
