If you generate multiple certs with the same serial number, Firefox (and anything built 
with NSS) will absolutely refuse to have anything to do with those sites.  There's no 
"click 3 times to get access", it's a simple refusal to talk with a 
non-standards-compliant server.  (Of course, this puts the owner of the site in a lurch, 
because he doesn't run the CA in the vast majority of circumstances.)

Other TLS clients and browsers likely will do the same.  I haven't checked 
though.

-Kyle H

On Wed, Sep 15, 2010 at 1:34 PM, Andy GOKTAS <andy.gok...@state.or.us> wrote:
Hello,

Just curious if anyone knows, but what happens if I generate multiple server 
certs (using my self generated signing CA using openssl) that have the same 
assigned serial number?

Does this create a conflict within the network and if users end up accessing 
both certs, kaboooom?

Is it merely a method of basic tracking on how many certificates a CA signs?

Thanks,
Andy Goktas
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-us...@openssl.org
Automated List Manager                           majord...@openssl.org
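
Added example (not part of the original thread, and not OpenSSL or NSS code): RFC 5280 requires a serial number to be unique per issuing CA, so the thing to audit is the (issuer, serial) pair rather than the serial alone. The sketch below reads both fields straight out of DER and reports pairs used more than once; the labels, CA names and skeleton certificates are constructed sample data.

```python
from collections import defaultdict

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_and_serial(der):
    """Return (issuer Name as raw DER bytes, serial as int) from a DER certificate."""
    _, cert, _ = read_tlv(der, 0)        # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)        # tbsCertificate ::= SEQUENCE
    tag, value, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                      # optional [0] EXPLICIT version
        tag, value, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    _, _, start = read_tlv(tbs, pos)     # skip signature AlgorithmIdentifier
    _, _, end = read_tlv(tbs, start)     # issuer Name
    return tbs[start:end], int.from_bytes(value, "big", signed=True)

def duplicate_serials(certs):
    """Map (issuer, serial) -> labels, keeping only pairs used more than once."""
    seen = defaultdict(list)
    for label, der in certs.items():
        seen[issuer_and_serial(der)].append(label)
    return {key: labels for key, labels in seen.items() if len(labels) > 1}

# --- constructed sample input: unsigned skeletons holding only the fields read above ---
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only (< 128 bytes)

def _skeleton(issuer_cn, serial):
    version = _tlv(0xA0, _tlv(0x02, b"\x02"))
    sig_alg = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + _tlv(0x05, b""))
    rdn = _tlv(0x31, _tlv(0x30, _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0C, issuer_cn.encode())))
    tbs = _tlv(0x30, version + _tlv(0x02, bytes([serial])) + sig_alg + _tlv(0x30, rdn))
    return _tlv(0x30, tbs)

SAMPLE = {
    "www": _skeleton("Example CA", 1),
    "mail": _skeleton("Example CA", 1),   # same issuer, same serial: the conflict
    "vpn": _skeleton("Example CA", 2),
    "other": _skeleton("Other CA", 1),    # same serial under a different issuer is fine
}

if __name__ == "__main__":
    for (issuer, serial), labels in duplicate_serials(SAMPLE).items():
        print(f"serial {serial:#x} issued {len(labels)} times by one CA: {labels}")
```

For real certificates, convert each PEM file to DER first (for example with `ssl.PEM_cert_to_DER_cert`) and pass the bytes in place of the skeletons.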

