[openssl-users] Personal CA: are cert serial numbers critical?
michael at stroeder.com
Wed Aug 16 13:32:10 UTC 2017
Tom Browder wrote:
> I plan to tidy my automation before the issue of new certs, but I wonder
> how critical it is to ensure unique certificate serial numbers given that
> the certs are only used for us. I'm not even sure I'll ever revoke any
> cert (they were issued to expire sometime in 2030).
> So, in summary, do I need to ensure cert serial numbers are unique for my
Yes, serial numbers should be unique per issuer-DN because the 2-tuple
(issuer-DN, cert serial no.) is expected to be unique in several protocols.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3829 bytes
Desc: S/MIME Cryptographic Signature
More information about the openssl-users