Project

General

Profile

Actions

Bug #11514

closed

Renewing a self-signed CA or certificate does not update the serial number

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
02/23/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

When renewing a self-signed CA entry or self-signed certificate in the GUI the serial number is not replaced with a new one. The main example of this is the automatic GUI cert, which has a serial of 0 before and 0 after renewal.

Since the serial is not replaced, some clients such as Firefox reject the cert change if the old one was stored (e.g. SEC_ERROR_REUSED_ISSUER_AND_SERIAL error).

Since it's self-signed the serial can be randomized safely.

The serial is replaced as expected when renewing a regular certificate.

Actions

Also available in: Atom PDF