> The CA may use a Precertificate Signing Certificate to sign the > Precertificate, and then sign the final certificate with the production CA > certificate. Then, there would be no duplicate serial number issues.
Brian, even if the CA uses a Precert signing cert, the precert's issuer name has to be that of the ultimate issuer, and the serial number has to be that of the ultimate certificate, so I don't think that solves the problem. -Rick _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
