When a keyring is called by an application, and there are several keyrings by that name, how does the application know which one to validate against.
For example:
ACID KEYRING
USER01 RINGSSL
USER02 RINGSSL
USER03 RINGSSL
USER04 RINGSSL
USER05 RINGSSL
Release : 16.0
The application does not "call" for the keyring. The acid that needs to be verified will present its keyring and then the application will verify if it is valid.
Only one acid is presenting a keyring in the application.
Using the above as an example, if acid USER01 is logging into SSL, then USER01 will present its keyring called RINGSSL.
So there is never a conflict because it is validating that this acid/user has the correct credentials.
To further explain, remember that the application is looking at the Label and not the Common Name.
It is good practice to keep the Label and the Common Name the same unless an application tells you what to use as the Label.
Behind the scenes, the actual name of the keyring is, owning acid.keyring label.
Assume that the Label and Common Name are the same in the example.
That would mean that what is seen behind the scenes (what an application sees and looks for) is the following:
Owning Acid.Keyring Label:
USER01.RINGSSL
USER02.RINGSSL
USER03.RINGSSL
USER04.RINGSSL
USER05.RINGSSL
Now if you look at the names of the keyring they are not the same at all.
Note* The same is true for certificates. The behind the scenes name for a certificate is, owningacid.certificatelabel.