CA's automatic range management is broken by creating overlapping ranges.
Here is a sample of assigned ranges:
pki-ca: conf/CS.cfg:dbs.nextBeginSerialNumber=20000001 conf/CS.cfg:dbs.nextEndSerialNumber=30000001 pki-ca-clone: conf/CS.cfg:dbs.nextBeginSerialNumber=10000001 conf/CS.cfg:dbs.nextEndSerialNumber=20000001
Negotiated ranges are different from ranges assigned to CAs.
Here is a sample of negotiated ranges:
dn: cn=10000001,ou=certificateRepository,ou=ranges,dc=... objectClass: top objectClass: pkiRange beginRange: 10000001 endRange: 20000000 cn: 10000001 host: hostname SecurePort: 9544 dn: cn=20000001,ou=certificateRepository,ou=ranges,dc=... objectClass: top objectClass: pkiRange beginRange: 20000001 endRange: 30000000 cn: 20000001 host: <hostname> SecurePort: 9444
Fix included in the patch: https://www.redhat.com/archives/pki-devel/2013-February/msg00048.html
Metadata Update from @awnuk: - Issue assigned to awnuk - Issue set to the milestone: Random Serial Numbers Effort
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1067
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.