Document ID : KB000122450
Last Modified Date : 05/12/2018
Two certificates that have different names and labels but the same serial number and DN are being flagged as duplicate certificates. 

TSS0940I DUPLICATE CERTIFICATE DETECTED - CERTAUTH - 00.CN=Schipperke Hank Certificate Authority.OU=Schipperke Nation.C=US 
One certificate will ADD and the other will fail. The CHKCERT of both certificates' data sets will show that the certificates are viewed as the same (duplicates), because the serial number and the DN are the same.

CA certificates are used to sign other certificates. When a certificate signs another certificate, it places its DN in the other certificate's IDN. An unsigned certificate will have matching DN and IDN. If two certificates have the same DN and then sign other certificates, there would be no way to distinguish which certificate was actually the signer. This is why the DN, which is created in the CN field of the GENCERT command, needs to be unique.
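
The check and the ambiguity described above, as an added example that is not part of the original document and is not the product's own logic. It reads the serial number, IDN and DN from DER-encoded certificates and compares them as raw bytes; the function names, the labels CAONE/CATWO and the CN-only sample data are assumptions constructed for illustration.

```python
# Constructed sample data only: unsigned DER skeletons, not real certificates.
def tlv(tag, body):                                    # DER-encode one element
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, pos=0):
    """Return (tag, body, whole_element, next_pos) for the element at pos."""
    tag, first, start = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:                                   # long-form length
        k = first & 0x7F
        first, start = int.from_bytes(buf[start:start + k], "big"), start + k
    return tag, buf[start:start + first], buf[pos:start + first], start + first

def cert_identity(der):
    """Return (serial, issuer Name, subject Name) as raw DER bytes."""
    tbs = read_tlv(read_tlv(der)[1])[1]                # Certificate -> TBSCertificate
    tag, serial, _, pos = read_tlv(tbs)
    if tag == 0xA0:                                    # skip optional [0] version
        tag, serial, _, pos = read_tlv(tbs, pos)
    _, _, _, pos = read_tlv(tbs, pos)                  # signature algorithm
    _, _, issuer, pos = read_tlv(tbs, pos)
    _, _, _, pos = read_tlv(tbs, pos)                  # validity
    _, _, subject, pos = read_tlv(tbs, pos)
    return serial, issuer, subject

def is_duplicate(a, b):
    """Duplicate rule as the article states it: same serial number and same DN."""
    (sa, _, da), (sb, _, db) = cert_identity(a), cert_identity(b)
    return sa == sb and da == db

def candidate_signers(child, cas):
    """Labels of CA certificates whose DN equals the child's IDN (issuer DN)."""
    idn = cert_identity(child)[1]
    return [label for label, der in cas.items() if cert_identity(der)[2] == idn]

def name(cn):                                          # Name holding a single CN attribute
    return tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn.encode()))))
def skeleton(serial, issuer_cn, subject_cn):           # hypothetical helper for sample input
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + tlv(0x30, b"") + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

CA = "Schipperke Hank Certificate Authority"
ca_one, ca_two = skeleton(0, CA, CA), skeleton(0, CA, CA)   # two labels, same serial and DN
server = skeleton(5, CA, "server.example")                  # its IDN is the CA's DN
print(is_duplicate(ca_one, ca_two), candidate_signers(server, {"CAONE": ca_one, "CATWO": ca_two}))
```

Running the same comparison on the real certificate files before the ADD shows whether a second CA certificate would collide with one already on file.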