I read the article "Scalable and secure access with SSH" and it says:

"if you want to use revocation lists, unique serial numbers are a requirement."

But by reading the ssh-keygen manual page, I didn't seem to find a way to guarantee the uniqueness of the serial numbers. It looks to me like it's completely managed by the CA, i.e., the CA needs to figure out a way (either their own database or just a spreadsheet) to manage the serial numbers. I'm wondering if my understanding is correct or not.

My second question is: Why is it required to use unique serial numbers for revocation? I'm asking because the section 'KEY REVOCATION LISTS' of the ssh-keygen manual page says:

"A KRL specification consists of lines containing ONE OF the following directives followed by a colon and some directive-specific information."

Then the manpage lists the directives that can be used:

The manual page says 'ONE OF', not 'ALL OF'. The words sound like, if serial numbers are not unique, the CA can still use other directives to revoke the certificates.
(FYI: I'm using Ubuntu 18.04 Desktop although I don't think my question is platform-dependent.)
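
The following is an added example, not part of the original post. It signs two certificates with the same serial and checks each against a KRL built with the `serial:` directive and another built with the `id:` directive from the manual page's list. It assumes OpenSSH's `ssh-keygen` is on the PATH; the key names, key IDs and principals are constructed.

```shell
#!/bin/sh
# Added example: key names, key IDs and principals are constructed.

# Prints "ok" or "revoked" for one certificate checked against one KRL.
# ssh-keygen -Q exits non-zero when a tested key or certificate is revoked.
krl_status() {
  if ssh-keygen -Q -f "$1" "$2" >/dev/null 2>&1; then
    echo ok
  else
    echo revoked
  fi
}

# Builds a throwaway CA, two user certificates that share serial 1,
# and two KRLs that are both meant to revoke only alice.
krl_demo() {
  krl_dir=$(mktemp -d) || return 1
  (
    cd "$krl_dir" || exit 1
    for k in ca alice bob; do
      ssh-keygen -q -t ed25519 -N '' -f "$k" || exit 1
    done

    # -z sets the serial; here the CA has reused 1 for both users.
    ssh-keygen -q -s ca -I alice-id -n alice -z 1 alice.pub || exit 1
    ssh-keygen -q -s ca -I bob-id -n bob -z 1 bob.pub || exit 1

    # KRL built from a "serial:" directive (needs the CA public key via -s).
    printf 'serial: 1\n' > spec_serial
    ssh-keygen -q -k -f krl_serial -s ca.pub spec_serial >/dev/null || exit 1

    # KRL built from an "id:" directive naming alice's key ID.
    printf 'id: alice-id\n' > spec_id
    ssh-keygen -q -k -f krl_id -s ca.pub spec_id >/dev/null || exit 1

    echo "serial: alice=$(krl_status krl_serial alice-cert.pub) bob=$(krl_status krl_serial bob-cert.pub)"
    echo "id: alice=$(krl_status krl_id alice-cert.pub) bob=$(krl_status krl_id bob-cert.pub)"
  )
  krl_rc=$?
  rm -rf "$krl_dir"
  return "$krl_rc"
}
```

Calling `krl_demo` prints one line per KRL, so the effect of a reused serial on each directive can be compared directly.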