Many years ago I started a CA for one group I manage for a private website, and now I want to update members' client certs for the stricter requirements for browsers.
My original cert generation was entirely automated including the following:
+ CN for each is an e-mail address for the member
+ the passphrase for each member's cert is determined from a pre-generated list by me, it will not change
I plan to tidy my automation before the issue of new certs, but I wonder how critical it is to ensure unique certificate serial numbers given that the certs are only used for us. I'm not even sure I'll ever revoke any cert (they were issued to expire sometime in 2030).
So, in summary, do I need to ensure cert serial numbers are unique for my CA?
With warmest regards,
-Tom
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
