On 14/01/2018 12:07, pratyush parimal wrote:
> Hi everyone,
>
> I read from several sources that the serial number of a cert MUST be
> unique within a CA. But could someone explain what would happen if the
> serial number was not unique?

The certificate itself will continue to work (the signature will be valid), but requesting status on the certificate (e.g., through OCSP or by doing a lookup in a CRL) will not work as expected as those use the serial number as an identifier.

> Would it cause SSL connections to fail in some manner?

No, but if the peer wants to request information on the used certificate from the CA to verify whether the certificate is still valid, it may end up receiving information about the wrong certificate.
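
The effect described in the reply above, reproduced with the openssl command line as an added example that is not part of the original thread. The CA name, the subjects and the serial 4097 are constructed for the demo, and it assumes an `openssl` binary (1.1.1 or later) on the PATH.

```shell
#!/bin/sh
# Constructed demo: CA name, subjects and serial 4097 are made up for this example.
dup_serial_demo() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  # Minimal config: a self-signed CA plus the index file `openssl ca` needs.
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
    'prompt = no' '[dn]' 'CN = Constructed Demo CA' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    '[ca]' 'default_ca = demo_ca' \
    '[demo_ca]' 'database = index.txt' 'default_md = sha256' > ca.cnf
  : > index.txt
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes \
    -keyout ca.key -out ca.pem -days 2 2>/dev/null
  # Issue two different certificates under the SAME serial number.
  for n in a b; do
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -keyout $n.key -out $n.csr -subj "/CN=$n.example" 2>/dev/null
    openssl x509 -req -in $n.csr -CA ca.pem -CAkey ca.key \
      -set_serial 4097 -days 2 -out $n.pem 2>/dev/null
  done
  # Revoke only a.pem and publish a CRL.
  openssl ca -config ca.cnf -keyfile ca.key -cert ca.pem -revoke a.pem 2>/dev/null
  openssl ca -config ca.cnf -keyfile ca.key -cert ca.pem \
    -gencrl -crldays 2 -out crl.pem 2>/dev/null
  # b.pem was never revoked: check its signature chain, then its CRL status.
  chain=$(openssl verify -CAfile ca.pem b.pem 2>&1) || true
  crl=$(openssl verify -CAfile ca.pem -CRLfile crl.pem -crl_check b.pem 2>&1) || true
  case $chain in *": OK"*) s=valid ;; *) s=invalid ;; esac
  case $crl in *"certificate revoked"*) r=revoked ;; *) r=good ;; esac
  echo "b.pem signature=$s crl=$r"
)
dup_serial_demo
```

The never-revoked b.pem is reported as revoked because a CRL entry identifies a certificate only by its issuer and serial number.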