>Any two certs with the same issuer must have different serial numbers. 

I have never claimed anything else.

>This is a basic X509 requirement, violating this will cause you 
>interoperability problems. If you reissue your CA cert, it must have a 
>new number. If you spin up another CA with the same issuer, it must have 
>a unique serial number space from your previous.

Absolutely!

>This is a common error when people build CAs out of development tools.

Although the certs indeed were created with dev. tools, they do not violate
the rules.  Probably the inability to view them in Mozilla is the reason
he drew some conclusions.

>If your CAs have different issuers, then you are correct, the CA has 
>complete control of the serial number space.

We are in perfect agreement AFAICT.

Anders



_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
