On 01/14/2018 12:07 PM, pratyush parimal wrote: > I read from several sources that the serial number of a cert MUST be > unique within a CA. But could someone explain what would happen if the > serial number was not unique? Certificate Revocation Lists (CRLs) identify invalid certificates by means of a) the CA keypair that issued it (the pubkey being represented in the signature) and b) the serial number, *not* pubkey / DN / ..., of the invalid cert. If that's not unique, revoking one of the affected certs will have the effect of revoking them all. Regards, -- Jochen Bern Systemingenieur www.binect.de
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
