Re: SSL Cert serial number non-uniqueness impact

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 14/01/2018 12:07, pratyush parimal wrote:
> Hi everyone,
>
> I read  from several sources that the serial number of a cert MUST be
> unique within a CA. But could someone explain what would happen if the
> serial number was not unique?

The certificate itself will continue to work (the signature will be
valid), but requesting status on the certificate (e.g., through OCSP or
by doing a lookup in a CRL) will not work as expected as those use the
serial number as an identifier.

> Would it cause SSL connections to fail in some manner?
No, but if the peer wants to request information on the used certificate
from the CA to verify whether the certificate is still valid, it may end
up receiving information about the wrong certificate.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux