Is it legal to have two Certificate Authorities (CAs) with the same Common Name (CN)? The only difference between the two CAs is the signature algorithm: one is SHA-1 and the other one is SHA-256. Is there an RFC or standard that restricts two Root CAs from having the same CN?
One of the popular CAs provided us with a certificate signed by a SHA-256 Root CA that has the same CN as another SHA-1 CA. Both CA certificates are from the same CA vendor. Some of our other systems are using the certificate issued by the old SHA-1 CA and interfacing with the system that uses the new SHA-256 certificate. We are seeing a "Signature does not match" error when trying to authenticate/authorize the SAML document. Based on our analysis, the system is finding two CA certs with the same CN and trying to use the SHA-256 CA cert instead of the SHA-1 one sent by the client.
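Added example, not the asker's code: it reproduces the situation described above with the Python `cryptography` library, using constructed keys and placeholder names (the CN "Example Root CA" and the leaf "saml.example.test" are assumptions). Two self-signed roots share one CN and differ only in key and signature hash; picking the issuer by name alone returns both and, with the newer root listed first, fails signature verification, while matching the leaf's Authority Key Identifier against each root's Subject Key Identifier selects the right one.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def _builder(cn, issuer, pubkey):
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer or subject)
            .public_key(pubkey).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365)))

def make_ca(cn, hash_alg):
    # Self-signed root (basicConstraints omitted for brevity); the SKI derives from the key, so roots sharing a CN still differ.
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ski = x509.SubjectKeyIdentifier.from_public_key(key.public_key())
    return key, _builder(cn, None, key.public_key()).add_extension(ski, critical=False).sign(key, hash_alg)

def issue_leaf(ca_key, ca_cert, cn, hash_alg):
    # End-entity cert whose AKI identifies the signing key, not merely the issuer's name.
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    aki = x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_key.public_key())
    return _builder(cn, ca_cert.subject, key.public_key()).add_extension(aki, critical=False).sign(ca_key, hash_alg)

def candidates_by_name(store, leaf):
    return [ca for ca in store if ca.subject == leaf.issuer]  # name chaining alone (RFC 5280 section 6.1)

def candidates_by_key_id(store, leaf):
    # Narrow the name matches to the CA whose SKI equals the leaf's AKI (RFC 5280 section 4.2.1.1).
    aki = leaf.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier).value.key_identifier
    return [ca for ca in candidates_by_name(store, leaf) if ca.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value.digest == aki]

def signature_ok(ca, leaf):
    # The check that fails with "signature does not match" when the wrong CA is chosen.
    try:
        ca.public_key().verify(leaf.signature, leaf.tbs_certificate_bytes, padding.PKCS1v15(), leaf.signature_hash_algorithm)
    except InvalidSignature:
        return False
    return True

def demo():
    old_key, old_ca = make_ca("Example Root CA", hashes.SHA1())  # legacy SHA-1 root (constructed)
    _, new_ca = make_ca("Example Root CA", hashes.SHA256())       # re-issued root: same CN, different key
    leaf = issue_leaf(old_key, old_ca, "saml.example.test", hashes.SHA1())
    store = [new_ca, old_ca]  # newer root listed first, as the asker's system appears to prefer it
    by_name, by_key = candidates_by_name(store, leaf), candidates_by_key_id(store, leaf)
    return {"name_matches": len(by_name), "first_name_match_verifies": signature_ok(by_name[0], leaf),
            "key_id_matches": len(by_key), "key_id_match_verifies": signature_ok(by_key[0], leaf)}
```

Running `demo()` shows two name matches of which the first fails verification, and exactly one key-identifier match that verifies; a trust store or SAML library that chains only on the issuer name is what produces the error described above.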