#2278 Add pkispawn parameters to specify serial, request, and replica number ranges
Closed: Fixed None Opened 7 years ago by vakwetu.

This is for root CA migration. In the case where we are using an existing CA cert and are migrating data as well, we do not want to issue system multiple certs with the same serial number. Being able to set the range for serial numbers and request numbers could avoid that.

This could be part of a general solution to a ticket for being able to import existing data,


Could you list which parameters need to be added?

Parameters needed would be:

  serial-number-range-start:   0xdeadbeef
  serial-number-range-end:      0xdeadbeef
  request-number-range-start:   decimal
  request-number-range-end:     decimal
  replica-number-range-start:   decimal
  replica-number-range-end:     decimal

These would correspond to the following parameters in CS.cfg:

dbs.beginReplicaNumber=1
dbs.beginRequestNumber=1
dbs.beginSerialNumber=1
dbs.endReplicaNumber=100
dbs.endRequestNumber=10000000
dbs.endSerialNumber=10000000

which would be modified before starting the configuration servlet.

Fixed in master:

  • 18dec04095207ab9a9a4660191af0fec1bcc46da
  • 90143ffad6a20493219c67b55c57724afb4edfde
  • fe1f36dd601f5d8956cf6e1d9b1855b5ea755596

Man page will be updated in ticket #2318.

Metadata Update from @vakwetu:
- Issue assigned to edewata
- Issue set to the milestone: 10.3.1

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2398

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata