Serial number does not fall in the range when serial number range and random serial number is enabled in the installation file
Steps to Reproduce:
1. pkispawn CA with the following installation file (I was attempting migration) [root@nocp1 ~]# cat rpattath/ca-migration.cfg [DEFAULT] pki_instance_name=pki-tomcat-ca-rpattath pki_user=pkiuser pki_group=pkiuser pki_audit_group=pkiaudit pki_https_port=30042 pki_http_port=30044 #NSS DB Token Password pki_hsm_enable=True pki_hsm_libfile=/opt/nfast/toolkits/pkcs11/libcknfast.so pki_hsm_modulename=nfast pki_token_name=NHSM6000-OCS pki_token_password= #Admin Password pki_admin_password= pki_client_pkcs12_password= pki_ds_ldap_port=1604 pki_ds_bind_dn=cn=Database Manager pki_ds_password= pki_ds_remove_data=True pki_existing=True pki_ds_secure_connection=True pki_ds_ldaps_port=1605 pki_ds_secure_connection_ca_pem_file=/tmp/ca_cert.pem [Tomcat] pki_ajp_port=30009 pki_tomcat_server_port=30005 [CA] pki_ca_signing_csr_path=/root/rpattath/ca_signing.csr pki_ca_signing_cert_path=/root/rpattath/ca_signing.crt pki_ca_signing_nickname=caSigningCert cert-pki-ca-rpattath pki_ca_signing_token=NHSM6000-OCS pki_pin= pki_ds_hostname=nocp1.idm.lab.eng.rdu2.redhat.com pki_ds_base_dn=dc=nocp9.idm.lab.eng.rdu2.redhat.com-pki-ca-rpattath pki_ds_database=nocp9.idm.lab.eng.rdu2.redhat.com-pki-ca-rpattath pki_serial_number_range_start=50 pki_request_number_range_start=100 pki_random_serial_numbers_enable=True pki_master_crl_enable=False pki_skip_installation=True
Actual results:
None of the serial numbers of system certs generated after pkispawn falls in the range specified
Expected results:
The random serial number must fall in the range specified
Metadata Update from @mharmsen: - Custom field component adjusted to General - Custom field feature adjusted to '' - Custom field origin adjusted to Community - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1461441 - Custom field type adjusted to defect - Custom field version adjusted to '' - Issue priority set to: critical
Metadata Update from @mharmsen: - Issue assigned to jmagne
Issue discovered to be a configuration issue and not a bug.
Metadata Update from @jmagne: - Issue close_status updated to: invalid - Issue set to the milestone: 10.4.10 (was: 10.4) - Issue status updated to: Closed (was: Open)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2859
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Log in to comment on this ticket.