I was checking out the SSL chain on onlineaccess.ncsecu.org because a network glitch made me paranoid. Both Firefox and IE on my computer have this chain:
onlineaccess.ncsecu.org
Serial number 6C:16:7D:5A:D0:A3:0B:06:D2:C1:DE:A4:7C:C4:A9:23
^
Symantec Class 3 Secure Server CA - G4
Serial number 51:3F:B9:74:38:70:B7:34:40:41:8D:30:93:06:99:FF
^
VeriSign Class 3 Public Primary Certification Authority - G5
Serial number 18:DA:D1:9E:26:7D:E8:BB:4A:21:58:CD:CC:6B:3B:4A
However, multiple SSL chain checker sites around the internet, e.g. https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp, say that the VeriSign G5 certificate at the end of that chain has a different serial number: 25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd. They all agree on the other two certificates in the chain.
So are there actually two different legitimate versions of the VeriSign certificate which can be used to sign the same child certificate?