On 7/7/2014 8:24 PM, Barbe, Charles wrote:
>
> CHAD
>
>> On Jul 7, 2014, at 11:11 PM, "Jeffrey Walton" <noloa...@gmail.com> wrote:
>>
>> On Mon, Jul 7, 2014 at 9:59 PM, Barbe, Charles
>> <charles.ba...@allworx.com> wrote:
>>> I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
>>>
>>> One thing I did try today was to have both servers generate their 
>>> certificates using the same private key. Theoretically I would expect the 
>>> two certs to then be exactly the same to the bit... I am not providing any 
>>> domain or ip specific fields just so that I can do this comparison and made 
>>> sure all other variable fields would be static.
>> The serial numbers will likely be different.
>>
> I explicitly set the serial to 1 so I could do a binary compare of the certs.
>
> I'm beginning to think it could be my protocol implementation and not the 
> cert itself. 
>

Anything that uses NSS (Netscape Security Services, including Firefox
and perhaps Chrome) is going to choke on this.  They shouldn't have
choked with that particular error you said, though; they should have
said "the certificate authority issued multiple certificates with the
same serial number".

-Kyle H
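
The issuer-plus-serial check Kyle describes, as an added example that is not part of the original messages: a standard-library Python sketch that pulls the issuer and serial out of DER certificates and groups the ones that collide. The `server-a`/`server-b`/`server-c` labels, the `Example Device` name and the sample bytes are constructed for illustration.

```python
from collections import defaultdict

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def issuer_and_serial(der):
    """Return (raw issuer Name bytes, serial number) from a DER certificate."""
    _, cert_start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, cert_start)          # tbsCertificate SEQUENCE
    tag, start, end = read_tlv(der, pos)
    if tag == 0xA0:                                # optional [0] version
        tag, start, end = read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    serial = int.from_bytes(der[start:end], "big", signed=True)
    _, _, alg_end = read_tlv(der, end)             # signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(der, alg_end)      # issuer Name
    return der[alg_end:issuer_end], serial

def find_collisions(certs):
    """certs maps label -> DER bytes; return label groups sharing issuer+serial."""
    seen = defaultdict(list)
    for label, der in certs.items():
        seen[issuer_and_serial(der)].append(label)
    return [sorted(labels) for labels in seen.values() if len(labels) > 1]

# Constructed sample data: skeletons holding only the fields up to issuer,
# not valid certificates. Two share serial 1, as in the thread's test setup.
def tlv(tag, body):
    assert len(body) < 0x80                        # short-form length suffices here
    return bytes([tag, len(body)]) + body

def sample_cert(cn, serial):
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSA
    rdn = tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn.encode()))  # CN=
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + alg
    return tlv(0x30, tlv(0x30, tbs + tlv(0x30, tlv(0x31, rdn))))

SAMPLES = {f"server-{s}": sample_cert("Example Device", n)
           for s, n in (("a", 1), ("b", 1), ("c", 2))}
```

`find_collisions(SAMPLES)` groups `server-a` with `server-b`; giving each generated certificate a distinct serial number removes the collision.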
