This is for root CA migration. In the case where we are using an existing CA cert and are migrating data as well, we do not want to issue system multiple certs with the same serial number. Being able to set the range for serial numbers and request numbers could avoid that.
This could be part of a general solution to a ticket for being able to import existing data,
This can be done without new deployment parameters: http://pki.fedoraproject.org/wiki/Custom_Installation#Customizing_certificate_serial_number_range
Could you list which parameters need to be added?
Parameters needed would be:
serial-number-range-start: 0xdeadbeef serial-number-range-end: 0xdeadbeef request-number-range-start: decimal request-number-range-end: decimal replica-number-range-start: decimal replica-number-range-end: decimal
These would correspond to the following parameters in CS.cfg:
dbs.beginReplicaNumber=1 dbs.beginRequestNumber=1 dbs.beginSerialNumber=1 dbs.endReplicaNumber=100 dbs.endRequestNumber=10000000 dbs.endSerialNumber=10000000
which would be modified before starting the configuration servlet.
Fixed in master:
Man page will be updated in ticket #2318.
Metadata Update from @vakwetu: - Issue assigned to edewata - Issue set to the milestone: 10.3.1
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2398
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.