CA's automatic range management is broken when switching to new range in certificate repository. #1066

Closed
pki-bot opened this issue Oct 2, 2020 · 2 comments


pki-bot commented Oct 2, 2020

This issue was migrated from Pagure Issue #495. Originally filed by awnuk (@awnuk) on 2013-01-31 23:33:16:


CA's automatic range management is broken when switching to new range in certificate repository.

Here is the dbs section of CS.cfg before the range switch:

dbs.beginReplicaNumber=1
dbs.beginRequestNumber=1
dbs.beginSerialNumber=1
dbs.enableSerialManagement=true
dbs.endReplicaNumber=95
dbs.endRequestNumber=9990000
dbs.endSerialNumber=8000000
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
dbs.nextBeginSerialNumber=20000001
dbs.nextEndSerialNumber=30000001
dbs.replicaCloneTransferNumber=5
dbs.replicaDN=ou=replica
dbs.replicaIncrement=100
dbs.replicaLowWaterMark=20
dbs.replicaRangeDN=ou=replica, ou=ranges
dbs.requestCloneTransferNumber=10000
dbs.requestDN=ou=ca, ou=requests
dbs.requestIncrement=10000000
dbs.requestLowWaterMark=2000000
dbs.requestRangeDN=ou=requests, ou=ranges
dbs.serialCloneTransferNumber=10000
dbs.serialDN=ou=certificateRepository, ou=ca
dbs.serialIncrement=10000000
dbs.serialLowWaterMark=2000000
dbs.serialRangeDN=ou=certificateRepository, ou=ranges

Here is the dbs section of CS.cfg after the range switch:

dbs.beginReplicaNumber=1
dbs.beginRequestNumber=1
dbs.beginSerialNumber=536870913
dbs.enableSerialManagement=true
dbs.endReplicaNumber=95
dbs.endRequestNumber=9990000
dbs.endSerialNumber=805306369
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
dbs.replicaCloneTransferNumber=5
dbs.replicaDN=ou=replica
dbs.replicaIncrement=100
dbs.replicaLowWaterMark=20
dbs.replicaRangeDN=ou=replica, ou=ranges
dbs.requestCloneTransferNumber=10000
dbs.requestDN=ou=ca, ou=requests
dbs.requestIncrement=10000000
dbs.requestLowWaterMark=2000000
dbs.requestRangeDN=ou=requests, ou=ranges
dbs.serialCloneTransferNumber=10000
dbs.serialDN=ou=certificateRepository, ou=ca
dbs.serialIncrement=10000000
dbs.serialLowWaterMark=2000000
dbs.serialRangeDN=ou=certificateRepository, ou=ranges
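
A check an operator could run over the two dumps above, as an added example that is not part of the original issue or the project's code. It assumes the serial-range keys are read back in radix 16 (an assumption the dumps' arithmetic fits); `check_range_switch`, `parse_dbs` and the status names are hypothetical.

```python
import re

# Constructed sample: only the serial-range keys from the two dumps in this issue.
BEFORE = """dbs.beginSerialNumber=1
dbs.endSerialNumber=8000000
dbs.nextBeginSerialNumber=20000001
dbs.nextEndSerialNumber=30000001
"""
AFTER = """dbs.beginSerialNumber=536870913
dbs.endSerialNumber=805306369
"""
PAIRS = (("dbs.beginSerialNumber", "dbs.nextBeginSerialNumber"),
         ("dbs.endSerialNumber", "dbs.nextEndSerialNumber"))

def parse_dbs(text):
    """Return {key: value} for the dbs.* lines of a CS.cfg fragment."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*(dbs\.\w+)\s*=\s*(.*?)\s*$", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def check_range_switch(before, after, radix=16):
    """Compare each promoted range bound with the 'next' value it came from.

    radix=16 is an assumption about how the server reads these keys back.
    """
    old, new = parse_dbs(before), parse_dbs(after)
    findings = []
    for current_key, next_key in PAIRS:
        if next_key not in old or current_key not in new:
            continue
        expected = int(old[next_key], radix)   # value the CA intended to switch to
        written = new[current_key]
        try:
            reread = int(written, radix)       # value a radix-aware reader would get
        except ValueError:
            reread = None
        if reread == expected:
            status = "ok"
        elif written.isdigit() and int(written) == expected:
            status = "radix-mismatch"          # right number, wrong notation on disk
        else:
            status = "unexpected"
        findings.append({"key": current_key, "status": status,
                         "expected": expected, "reread": reread})
    return findings

if __name__ == "__main__":
    for finding in check_range_switch(BEFORE, AFTER):
        print(finding)
```

On the dumps from this issue both bounds come back as `radix-mismatch`: the stored text is the decimal form of the intended value, so a radix-16 reader would start issuing from a far larger serial number.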

pki-bot commented Oct 2, 2020

Comment from awnuk (@awnuk) at 2013-01-31 23:36:07

The above issue can be solved by the following patch:

@@ -409,8 +475,8 @@ public abstract class Repository implements IRepository {
                 }
 
                 // persist the changes
-                mDB.setMinSerialConfig(mRepo, mMinSerialNo.toString());
-                mDB.setMaxSerialConfig(mRepo, mMaxSerialNo.toString());
+                mDB.setMinSerialConfig(mRepo, mMinSerialNo.toString(mRadix));
+                mDB.setMaxSerialConfig(mRepo, mMaxSerialNo.toString(mRadix));
                 mDB.setNextMinSerialConfig(mRepo, null);
                 mDB.setNextMaxSerialConfig(mRepo, null);
             } else {
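Review bot: mMinSerialNo.toString(mRadix) and mMaxSerialNo.toString(mRadix) are only correct if the code that reads these two values back from the configuration parses them with the same mRadix, and nothing in this hunk shows that or where mRadix is set for the repository. The dumps in the issue fit a radix of 16: nextBeginSerialNumber=20000001 became beginSerialNumber=536870913, which is 0x20000001 written in decimal. Please add a short comment above the two calls stating that the persisted min/max are written in the repository's radix, and a regression test that performs a range switch and checks that the stored value re-parses to the same number. It is also worth checking any other callers of setMinSerialConfig and setMaxSerialConfig for the same bare toString().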


pki-bot commented Oct 2, 2020

Comment from awnuk (@awnuk) at 2017-02-27 14:05:53

Metadata Update from @awnuk:

  • Issue assigned to awnuk
  • Issue set to the milestone: Random Serial Numbers Effort
