Serial number new range assignment when random serial number management is enabled happens when the serial number range is exhausted
Steps to Reproduce:
1. pkispawn CA 2. Enable random serial number management. The following changes are made to CA's CS.cfg dbs.beginSerialNumber=1 dbs.endSerialNumber=20 dbs.serialLowWaterMark=14 dbs.serialCloneTransferNumber=5
Actual results:
I see new range of serial numbers were assigned after all the serial numbers in the current range was exhausted
Expected results:
Based on the following lines CA will switch to new range after exhausting all numbers from its current range when serial numbers are assigned sequentially. CA will switch to new range after crossing below defined thresholds (N5/2) which is 50% of the thresholds at which CA requests new range. in https://wiki.idm.lab.bos.redhat.com/export/idmwiki/Random_Certificate_Serial _Numbers#Range_Assignment_and_Range_Switching When random serial number managerment is enabled, new range is expected to be assigned when the available number of serial numbers is less than low watermark level/2
Metadata Update from @rpattath: - Issue set to the milestone: 10.2.6
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2109
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.