Bug #11514
Updated by Jim Pingle over 3 years ago
When renewing a self-signed CA entry or self-signed certificate in the GUI the serial number is not replaced with a new one. The main example of this is the automatic GUI cert, which has a serial of @0@ `0` before and @0@ `0` after renewal. Since the serial is not replaced, some clients such as Firefox reject the cert change if the old one was stored (e.g. @SEC_ERROR_REUSED_ISSUER_AND_SERIAL@ error). Since it's self-signed the serial can be randomized safely. The serial is replaced as expected when renewing a regular certificate.