Tom Browder wrote: > I plan to tidy my automation before the issue of new certs, but I wonder > how critical it is to ensure unique certificate serial numbers given that > the certs are only used for us. I'm not even sure I'll ever revoke any > cert (they were issued to expire sometime in 2030). > > So, in summary, do I need to ensure cert serial numbers are unique for my > CA? Yes, serial numbers should be unique per issuer-DN because the 2-tuple (issuer-DN, cert serial no.) is expected to be unique in several protocols. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
