Duplicate entry for Symantec Certificate Transparency Logs

Update 2017-08-11: Results from Censys revealed the first one was Precert, and the second one is the actual certificate.

 

When I was renewing my Comodo certificates, I decided to use other CA, for no apparent reasons. (You know, things are not always decided logically.) I chose RapidSSL because it was not that expensive (just $1 more expensive than Comodo) from the reseller.

So I paid the bill, did the DV, and then got the certificate. It had CT logs embedded in it, and it appeared on crt.sh/50101894. And few days later, crt.sh/50901135 appeared, with the exact same certificate data, with same serial number and completely new SHA1/SHA256 hashes. Both certificate has same serial number of 76:65:5a:ae:68:b6:ae:a7:48:15:f3:c4:04:46:f5:93.

It does not seem to be specific to my case, see Korean Air for example – the original certificate has CT date Mon, 20 Jun 2016 05:00:04 GMT with crt.sh/22661466, and there’s one more new entry for crt.sh/23006552. Even RapidSSL’s official web site has this issue – crt.sh/6475072 and crt.sh/6495675 both have same serial number of 26:ce:20:a9:cf:44:d3:f7:13:0b:d2:98:5e:d5:32:5b.

I don’t know why this happens, and if this is known problem or something is happening but it’s worth logging so.. :P