Great!  Thanks for that information Patrick.  :) 

Thanks,
Andy Goktas

>>> Patrick Patterson <ppatter...@carillonis.com> 9/17/2010 6:11 AM >>>
Hi Andy:

Well, aside from violating most of the standards around PKI, the main problem 
you will have is revocation - the way you revoke a certificate is to put its 
serial number on a CRL. So if you have multiple certs with the same serial 
number, if you ever need to revoke one of those certificates, you will end up 
revoking them all.

The reason that the standards are written that way is that the principle is 
that the tuple of the Issuer Name and Serial Number is able to uniquely 
identify any given certificate, which is important for any number of very good, 
trust-related reasons.

Have fun!

Patrick.

On 2010-09-15, at 4:34 PM, Andy GOKTAS wrote:

> Hello, 
> 
> Just curious if anyone knows, but what happens if I generate multiple server 
> certs (using my self generated signing CA using openssl) that have the same 
> assigned serial number?  
> 
> Does this create a conflict within the network and if users end up 
> accessing both certs, kaboooom?  
> 
> Is it merely a method of basic tracking on how many certificates a CA signs?  
> 
> Thanks,
> Andy Goktas
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org 
> User Support Mailing List                    openssl-users@openssl.org 
> Automated List Manager                           majord...@openssl.org 

---
Patrick Patterson
President and Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca 

tel: +1 514 485 0789
mobile: +1 514 994 8699
fax: +1 450 424 9559
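
The revocation behaviour described in the reply above, reproduced with the `openssl` command-line tool as an added example that is not part of the original thread. The CA, subjects, file names and serial numbers are constructed for the demonstration: certificates `a` and `b` share a serial, `c` is a control with its own serial, and only `a` is revoked.

```shell
#!/bin/sh
# Added example, not from the thread. Subjects, file names and serials are
# constructed; everything lives in a throwaway temp directory.
build_demo_pki() {                       # $1 = empty working directory
    ( cd "$1" || exit 1
      cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[ dn ]
CN = Constructed Demo CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_crl_days = 1
EOF
      : > index.txt
      openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf \
              -keyout ca.key -out ca.pem -days 2 || exit 1
      # a and b deliberately share serial 0x1001; c is a control with its own.
      for spec in a:0x1001 b:0x1001 c:0x1002; do
          n=${spec%%:*}
          openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
                  -subj "/CN=$n.example.test" -keyout "$n.key" -out "$n.csr" || exit 1
          openssl x509 -req -in "$n.csr" -CA ca.pem -CAkey ca.key \
                  -set_serial "${spec##*:}" -days 1 -out "$n.pem" || exit 1
      done
      openssl ca -config ca.cnf -revoke a.pem || exit 1   # revoke a.pem only
      openssl ca -config ca.cnf -gencrl -out crl.pem || exit 1
      cat ca.pem crl.pem > trust.pem                      # trust anchor + CRL
    ) >/dev/null 2>&1
}
crl_status() {                           # $1 = working directory, $2 = a|b|c
    out=$(openssl verify -crl_check -CAfile "$1/trust.pem" "$1/$2.pem" 2>&1)
    case $out in
        *"certificate revoked"*) echo revoked ;;
        *": OK"*)                echo good ;;
        *)                       echo error ;;
    esac
}
WORK=$(mktemp -d) && build_demo_pki "$WORK" || exit 1
for n in a b c; do echo "$n.pem: $(crl_status "$WORK" "$n")"; done
```

The CRL carries only the serial of `a.pem`, so a relying party that checks it rejects `b.pem` as well, while `c.pem` still verifies.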




