It's important to note that NSS-based applications (such as Firefox)
will actually categorically refuse to connect to a site with an
Issuer/serial collision with another certificate it has seen before.
So yes, it can cause some applications to fail their SSL connections.
-Kyle H
On Tue, Jan 16,
On 14/01/2018 12:07, pratyush parimal wrote:
> Hi everyone,
>
> I read from several sources that the serial number of a cert MUST be
> unique within a CA. But could someone explain what would happen if the
> serial number was not unique?
The certificate itself will continue to work (the signature
The combination of (issuer,serial#) is the only way to get a unique identifier
for a certificate. Lots of software depends on certs being uniquely
identifiable. What happens if that assertion is not true? Some things will
break. What? Well, it depends on the software, and which certs are
“
On 01/14/2018 12:07 PM, pratyush parimal wrote:
> I read from several sources that the serial number of a cert MUST be
> unique within a CA. But could someone explain what would happen if the
> serial number was not unique?
Certificate Revocation Lists (CRLs) identify invalid certificates by
mean
Hi everyone,
I read from several sources that the serial number of a cert MUST be
unique within a CA. But could someone explain what would happen if the
serial number was not unique?
Would it cause SSL connections to fail in some manner? I think I'm a little
unclear about the "purpose" of the se
