On Mon, May 4, 2015 1:25 pm, David Woodhouse wrote: > Surely that's not unique? Using the above example, surely the first > certificate issued by the 2010 instance of 'My CA', and the first > certificate issued by the 2015 instance, are both going to have > identical CKA_ISSUER and CKA_SERIAL_NUMBER, aren't they?
No, every subject and serial must be unique. If the 2010 and 2015 instance are distinct bytes, they need distinct serial numbers. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
