Finding Duplicate RSA Moduli in the Wild

Most of the time, if not always, having the same modulus equates to saying that the certificates share the same public key, the latter being the tuple composed of the public exponent and the modulus. The first one is the set of all the certificates for which no duplicates occur; the second is the set of all the certificates with shared moduli/public keys belonging to the same organization. The assumptions under which the latter two sets are meant, which hence form the basis of the model, are those where an entry in the third set would represent a concrete threat to those parties whose modulus is non-unique; while an entry in the second set, although not representative of best-practices, could be more easily justified as the result of key or certificate reusage, a common custom on the Internet.

Source: sbudella.altervista.org