Check for minimum serial number range when using random serial numbers #2898

pki-bot · 2020-10-03T02:09:09Z

This issue was migrated from Pagure Issue #2778. Originally filed by mharmsen (@mharmsen) on 2017-07-06 20:47:32:

Assigned to nobody

When using random serial numbers:

pki_random_serial_numbers_enable=True

the following default pki serial number range is specified in '/etc/pki/default.cfg':

pki_serial_number_range_start=1
pki_serial_number_range_end=10000000

However, if the admin overrides this range in their user-provided pkispawn configuration file,
their specified range must consist of at least eight numbers (requiring four-bits), or installation will fail with a message such as:

. . .
pkispawn    : INFO     ....... configuring PKI configuration data.

Installation failed:
com.netscape.certsrv.base.PKIException: Error in setting certificate names and k
ey sizes: Range size is too small to support random certificate serial numbers.

Please check the CA logs in /var/log/pki/pki-tomcat/ca.

A side-effect of this error is that the un-configured pki server instance will remain running.

This ticket has been created to add a serial number range check into the python code of pkispawn when random serial numbers have been specified to prevent installation if an inadequate serial number range has been specified.

The text was updated successfully, but these errors were encountered:

pki-bot · 2020-10-03T02:09:09Z

Comment from mharmsen (@mharmsen) at 2017-07-06 20:48:15

Metadata Update from @mharmsen:

Custom field component adjusted to General
Custom field feature adjusted to ''
Custom field origin adjusted to Community
Custom field proposedmilestone adjusted to ''
Custom field proposedpriority adjusted to ''
Custom field reviewer adjusted to ''
Custom field type adjusted to defect
Custom field version adjusted to ''
Issue priority set to: minor
Issue set to the milestone: 10.5

pki-bot · 2020-10-03T02:09:10Z

Comment from mharmsen (@mharmsen) at 2017-10-25 18:52:52

[20171025] - Offline Triage ==> 10.6

pki-bot · 2020-10-03T02:09:11Z

Comment from mharmsen (@mharmsen) at 2017-10-25 18:52:56

Metadata Update from @mharmsen:

Issue set to the milestone: 10.6 (was: 10.5)

pki-bot added this to the 10.6 milestone Oct 3, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check for minimum serial number range when using random serial numbers #2898

Check for minimum serial number range when using random serial numbers #2898

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020

Check for minimum serial number range when using random serial numbers #2898

Check for minimum serial number range when using random serial numbers #2898

Comments

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020

pki-bot commented Oct 3, 2020