This is just a question, but a few weeks back we had to recreate our CA (long story, but the original seemed have gotten corrupted, but wasn't yet expired)

(OES2 sp3 and OES11)

Now whenever I create new server certs , via iMangler | Repair default certificates, (since I want our servers to have certs signed by the current working CA) I see that the serial number for both the CA and the server cert are identical.
This strikes me a odd, two different certs ought to have unique serials, shouldn't they? I am 99% certain this was the case with our old CA.

On the plus side, the certs do validate okay.