<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 9/20/2017 10:28 AM, Walter H. via
openssl-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:59C2A52F.2080800@mathemainzel.info">
On 20.09.2017 18:33, Jordan Brown wrote:
<blockquote
cite="mid:8ee5025c-e26a-b03f-9722-4aa0bab6eda1@jordan.maileater.net"
type="cite">
<p>Q: Does OpenSSL's trust-list verification support trusting
multiple certificates with the same subject name and
overlapping validity periods?</p>
</blockquote>
Do these replacement certificates have the same serial number and
the same private key?<br>
</blockquote>
<br>
I'll check with my colleague who is doing the actual work, but...<br>
<br>
I assume that they do not have the same serial number, since they
are new certificates.<br>
<br>
I don't know whether they have the same private key. For discussion
purposes, let's say that they might or might not have the same key.<br>
<br>
Remember that these are customer-controlled certificates; I don't
get to tell them how the certificates should be structured.<br>
<br>
Note that this would be easy if each successive certificate had a
different Subject, because then the trust list could contain all of
them and there would be no possibility for confusion. But they
don't.<br>
<br>
<pre class="moz-signature" cols="72">--
Jordan Brown, Oracle Solaris</pre>
</body>
</html>