The serial number has to be unique for the issuer (CA).

You can have multiple certificates with the same SubjectName, but the
SerialNumber field has to be unique unless you're using a different
issuer.

Chris

On Sun, Sep 19, 2010 at 10:53 PM,  <aerow...@gmail.com> wrote:
> If you generate multiple certs with the same serial number, Firefox (and
> anything built with NSS) will absolutely refuse to have anything to do with
> those sites.  There's no "click 3 times to get access", it's a simple
> refusal to talk with a non-standards-compliant server.  (Of course, this
> puts the owner of the site in a lurch, because he doesn't run the CA in the
> vast majority of circumstances.)
>
> Other TLS clients and browsers likely will do the same.  I haven't checked
> though.
>
> -Kyle H
>
> On Wed, Sep 15, 2010 at 1:34 PM, Andy GOKTAS <andy.gok...@state.or.us>
> wrote:
>>
>> Hello,
>>
>> Just curious if anyone knows, but what happens if I generate multiple
>> server certs (using my self generated signing CA using openssl) that have
>> the same assigned serial number?
>>
>> Does this create a conflict within the network and if users end up
>> accessing both certs, kaboooom?
>>
>> Is it merely a method of basic tracking on how many certificates a CA
>> signs?
>>
>> Thanks,
>> Andy Goktas
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-us...@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
>
>
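An audit sketch for the rule stated in this thread (serial numbers must be unique per issuer, while subject names may repeat), added here as an example and not part of the original messages. It parses the text printed by `openssl x509 -noout -issuer -serial -subject -in <cert>` for several certificates; the sample dump, CA names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: concatenated output of
#   openssl x509 -noout -issuer -serial -subject -in <cert>
# for four hypothetical certificates (not taken from the thread).
SAMPLE = """\
issuer=C = US, O = Example Internal CA, CN = Example Root
serial=01
subject=CN = www.example.test
issuer=C = US, O = Example Internal CA, CN = Example Root
serial=02
subject=CN = www.example.test
issuer=C = US, O = Example Internal CA, CN = Example Root
serial=01
subject=CN = mail.example.test
issuer=C = US, O = Other Lab CA, CN = Other Root
serial=01
subject=CN = vpn.example.test
"""

FIELDS = ("issuer", "serial", "subject")

def parse_records(text):
    """Yield (issuer, serial, subject) per certificate; field order may vary."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key not in FIELDS:
            continue  # ignore unrelated lines
        if key in rec:
            raise ValueError(f"incomplete record before {line!r}")
        rec[key] = value.strip()
        if len(rec) == len(FIELDS):
            # The serial is an ASN.1 INTEGER printed as hex: compare by value.
            yield rec["issuer"], int(rec["serial"], 16), rec["subject"]
            rec = {}
    if rec:
        raise ValueError("truncated final record")

def find_collisions(text):
    """Map (issuer, serial) -> subjects, for pairs used by more than one cert."""
    seen = defaultdict(list)
    for issuer, serial, subject in parse_records(text):
        seen[(issuer, serial)].append(subject)
    return {pair: subs for pair, subs in seen.items() if len(subs) > 1}

if __name__ == "__main__":
    for (issuer, serial), subjects in find_collisions(SAMPLE).items():
        print(f"serial {serial:X} reused under [{issuer}]: {subjects}")
```

Only the reuse of serial 01 under the first CA is reported; the repeated subject with serial 02 and the serial 01 issued by the second CA are not collisions.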