I upgraded the linux full release on a server. As part of the process I generated a new local ssl certificate key set with genkey. However the serial number remained the same and client apps such as thunderbird are erroring with: "Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number".

I see I have three choices:

1. copy the old cert from the original OS system.
2. regenerate a second new cert with a new serial number
3. remove the keys from the apps and allow the new one to

This is a limited server environment with only 4 client users. A couple of follow up questions:

I prefer solution 3. Is there a way to scan cert.db for serial number? Is there a cert.db tool? The tool in Mozilla does not report serial number and the duplicate certificates are not obvious.

The second choice is the generate a new serial number for the server. How is this done? Are local certs verified externally and will this create an issue.