Is the serial number attribute of an X509 certificate Issuer or Subject, as defined in RFC5280, required to be the same as the Serial Number of the issuing or subject certificate? It seems quite potentially confusing to have it otherwise, but I can't find where the relevant specifications define this clearly.
In https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.2, we have
4.1.2.2. Serial Number
The serial number MUST be a positive integer assigned by the CA to
each certificate. It MUST be unique for each certificate issued by a
given CA (i.e., the issuer name and serial number identify a unique
certificate).
In https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.4, we have
4.1.2.4. Issuer
.
.
.
Standard sets of attributes have been defined in the X.500 series of
specifications [X.520]. Implementations of this specification MUST
be prepared to receive the following standard attribute types in
issuer and subject (Section 4.1.2.6) names:
* country,
* organization,
* organizational unit,
* distinguished name qualifier,
* state or province name,
* common name (e.g., "Susan Housley"), and
* serial number.
In https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.6, we have
4.1.2.6. Subject
.
.
.
The subject field is defined as the X.501 type Name. Implementation
requirements for this field are those defined for the issuer field
(Section 4.1.2.4).
In https://www.itu.int/rec/T-REC-X.520-201610-I/en, we have
6.2.9 Serial Number
The Serial Number attribute type specifies an identifier, the serial number of an object.
An attribute value for Serial Number is a printable string.
serialNumber ATTRIBUTE ::= {
    WITH SYNTAX               PrintableString(SIZE (1..MAX))
    EQUALITY MATCHING RULE    caseIgnoreMatch
    SUBSTRINGS MATCHING RULE  caseIgnoreSubstringsMatch
    LDAP-SYNTAX               printableString.&id
    LDAP-NAME                 {"serialNumber"}
    ID                        id-at-serialNumber }
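
Added example, not part of the original question or of either specification: a small DER walk over a constructed, simplified TBSCertificate. It shows that the certificate's serialNumber field (Section 4.1.2.2) is encoded as an INTEGER, while the serialNumber attribute in the issuer and subject names is a PrintableString under id-at-serialNumber (2.5.4.5), each in its own place in the structure. The helper names, the sample values and the empty signature and validity placeholders are assumptions made for the illustration.

```python
OID_SERIAL_NUMBER = bytes.fromhex("550405")  # id-at-serialNumber (2.5.4.5)
OID_COMMON_NAME = bytes.fromhex("550403")    # id-at-commonName (2.5.4.3)

def tlv(tag, value):
    """Encode one DER element (short-form length, enough for this sample)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def children(buf):
    """Split the contents of a constructed DER value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def name(*attrs):
    """Build an X.501 Name: one RDN per (oid, text), text as PrintableString."""
    return tlv(0x30, b"".join(
        tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x13, text.encode("ascii"))))
        for oid, text in attrs))

def sample_tbs(cert_serial, issuer, subject):
    """Simplified TBSCertificate; signature and validity are empty placeholders."""
    serial = cert_serial.to_bytes(cert_serial.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial)
               + tlv(0x30, b"") + issuer + tlv(0x30, b"") + subject)

def name_serial(name_value):
    """Return the serialNumber attribute (a string) of a Name, or None."""
    atvs = [children(atv) for _, rdn in children(name_value) for _, atv in children(rdn)]
    return next((text.decode("ascii") for (_, oid), (_, text) in atvs
                 if oid == OID_SERIAL_NUMBER), None)

def serials(tbs_der):
    """Return (certificate serialNumber INTEGER, issuer attr, subject attr)."""
    fields = [f for f in children(children(tbs_der)[0][1]) if f[0] != 0xA0]
    (_, serial), _sig, (_, issuer), _validity, (_, subject) = fields[:5]
    return int.from_bytes(serial, "big"), name_serial(issuer), name_serial(subject)

TBS = sample_tbs(0x1A2B3C,  # constructed sample values, chosen to differ
    name((OID_COMMON_NAME, "Example CA"), (OID_SERIAL_NUMBER, "CA-0042")),
    name((OID_COMMON_NAME, "device"), (OID_SERIAL_NUMBER, "SN 99-17")))
```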