Hi,

The "database" file (an option in your openssl.conf) handles that
perfectly.

Cheers

Pascal




2010/9/22 Andy GOKTAS <andy.gok...@state.or.us>

> So using the "-CAserial serial.srl" might be a good idea to avoid this.
>
> Now this leads me to the next question:
> -  Besides manually documenting a cross-reference for each certificate that
> I sign to a serial number, is there any way to have this scripted and for an
> appending log to the serial.srl file that's updated each time it's used?  In
> short, a list of cert name (=CN perhaps) and serial number associated with
> it.
>
> ??
>
> Thanks,
> Andy Goktas
>
> >>> <aerow...@gmail.com> 9/19/2010 1:53 PM >>>
> If you generate multiple certs with the same serial number, Firefox (and
> anything built with NSS) will absolutely refuse to have anything to do with
> those sites.  There's no "click 3 times to get access", it's a simple
> refusal to talk with a non-standards-compliant server.  (Of course, this
> puts the owner of the site in a lurch, because he doesn't run the CA in the
> vast majority of circumstances.)
>
> Other TLS clients and browsers likely will do the same.  I haven't checked
> though.
>
> -Kyle H
>
> On Wed, Sep 15, 2010 at 1:34 PM, Andy GOKTAS <andy.gok...@state.or.us>
> wrote:
> > Hello,
> >
> > Just curious if anyone knows, but what happens if I generate multiple
> > server certs (using my self generated signing CA using openssl) that have
> > the same assigned serial number?
> >
> > Does this create a conflict within the network and if users end up
> > accessing both certs, kaboooom?
> >
> > Is it merely a method of basic tracking on how many certificates a CA
> > signs?
> >
> > Thanks,
> > Andy Goktas
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           majord...@openssl.org
> >
>
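
Added example, not part of the original thread and not OpenSSL's own code: a reader for the "database" file mentioned in the reply above (commonly named index.txt), producing the serial-to-CN list Andy asked about and flagging any serial that appears more than once. The sample lines are constructed, and the layout of six tab-separated fields (status, expiry, revocation date, hex serial, file name, subject DN) is the one "openssl ca" writes.

```python
from collections import defaultdict

# Constructed sample of an "openssl ca" database file. Tab-separated fields:
# status, expiry, revocation date, serial (hex), cert file name, subject DN.
SAMPLE_INDEX = (
    "V\t110922120000Z\t\t01\tunknown\t/C=US/O=Example/CN=www.example.test\n"
    "R\t110922120000Z\t100930080000Z\t02\tunknown\t/C=US/O=Example/CN=mail.example.test\n"
    "V\t110923120000Z\t\t02\tunknown\t/C=US/O=Example/CN=vpn.example.test\n"
)

STATUS = {"V": "valid", "R": "revoked", "E": "expired"}


def parse_index(text):
    """Return one dict per issued certificate recorded in the database."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        flag, expires, revoked, serial, _filename, subject = fields
        # Pull the CN out of the one-line DN; assumes no escaped "/" in values.
        rdns = dict(p.split("=", 1) for p in subject.split("/") if "=" in p)
        entries.append({
            "serial": int(serial, 16),
            "status": STATUS.get(flag, flag),
            "expires": expires,
            "revoked": revoked or None,
            "cn": rdns.get("CN"),
        })
    return entries


def duplicate_serials(entries):
    """Map each serial used more than once to the CNs that share it."""
    by_serial = defaultdict(list)
    for e in entries:
        by_serial[e["serial"]].append(e["cn"])
    return {s: cns for s, cns in by_serial.items() if len(cns) > 1}


if __name__ == "__main__":
    entries = parse_index(SAMPLE_INDEX)
    for e in entries:
        print(f'{e["serial"]:04X}  {e["status"]:8}  {e["cn"]}')
    print("duplicates:", duplicate_serials(entries))
```

Certificates signed with "openssl x509 -CAserial" are not recorded in this file; only those issued through "openssl ca" are.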
