Renewing a self-signed CA or certificate does not update the serial number
When renewing a self-signed CA entry or self-signed certificate in the GUI the serial number is not replaced with a new one. The main example of this is the automatic GUI cert, which has a serial of
0 before and
0 after renewal.
Since the serial is not replaced, some clients such as Firefox reject the cert change if the old one was stored (e.g.
Since it's self-signed the serial can be randomized safely.
The serial is replaced as expected when renewing a regular certificate.