Duplicate Subject Distinguished Name On Digital Certificate?

Document ID : KB000053853
Last Modified Date : 14/02/2018

Description:

Our site has been sent a new digital certificate to replace an existing one that expires in a month. Instead of waiting for the existing certificate to expire before installing the new one, can the new one be added now and given a different label or digicert name? Or will CA Top Secret allow another certificate to be added with the same "Subject Distinguished Name"?

Solution:

The LABLCERT and DIGICERT fields can be duplicated as long as the owner is different.

CA Top Secret does not allow duplicate subject distinguished names.

TSS GENCERT(TEST) DIGICERT(DUMMY)
TSS GENCERT(TEST) DIGICERT(DUMMY1)

TSS0301I GENCERT FUNCTION FAILED, RETURN CODE = 4
TSS1525E CERTIFICATE ALREADY EXISTS WITH THIS SERIAL/ISSUERDN
READY

Note: Since SUBJCTDN was left off, the userid is used as the subject distinguished name.

The second command failed because it was trying to use TEST as the subject distinguished name again.

GENCERTing it to a different ACID yields the same results.