[openssl-users] Personal CA: are cert serial numbers critical?

Tom Browder tom.browder at gmail.com
Wed Aug 16 13:24:49 UTC 2017


Many years ago I started a CA for one group I manage for a private website,
and now I want to update members' client certs for the stricter
requirements for browsers.

My original cert generation was entirely automated including the following:

+ CN for each is an e-mail address for the member

+ the passphrase for each member's cert is determined from a pre-generated
list by me; it will not change

I plan to tidy my automation before the issue of new certs, but I wonder
how critical it is to ensure unique certificate serial numbers given that
the certs are only used for us.  I'm not even sure I'll ever revoke any
cert (they were issued to expire sometime in 2030).

So, in summary, do I need to ensure cert serial numbers are unique for my
CA?

With warmest regards,

-Tom