➢ So, in summary, do I need to ensure cert serial numbers are unique for my CA? Why would you not? The specifications require it, but those specifications are for interoperability. If nobody is ever going to see your certs, then who cares what’s in them?