dogtagpki

Clone
Source Code
GIT

#495 CA's automatic range management is broken when switching to new range in certificate repository.
Closed: Fixed None Opened 11 years ago by awnuk.

Closed: Fixed
Reopen Issue

CA's automatic range management is broken when switching to new range in certificate repository.

Here is dbs section of CS.cfg before range switch:

dbs.beginReplicaNumber=1
dbs.beginRequestNumber=1
dbs.beginSerialNumber=1
dbs.enableSerialManagement=true
dbs.endReplicaNumber=95
dbs.endRequestNumber=9990000
dbs.endSerialNumber=8000000
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
dbs.nextBeginSerialNumber=20000001
dbs.nextEndSerialNumber=30000001
dbs.replicaCloneTransferNumber=5
dbs.replicaDN=ou=replica
dbs.replicaIncrement=100
dbs.replicaLowWaterMark=20
dbs.replicaRangeDN=ou=replica, ou=ranges
dbs.requestCloneTransferNumber=10000
dbs.requestDN=ou=ca, ou=requests
dbs.requestIncrement=10000000
dbs.requestLowWaterMark=2000000
dbs.requestRangeDN=ou=requests, ou=ranges
dbs.serialCloneTransferNumber=10000
dbs.serialDN=ou=certificateRepository, ou=ca
dbs.serialIncrement=10000000
dbs.serialLowWaterMark=2000000
dbs.serialRangeDN=ou=certificateRepository, ou=ranges

Here is dbs section of CS.cfg after range switch:

dbs.beginReplicaNumber=1
dbs.beginRequestNumber=1
dbs.beginSerialNumber=536870913
dbs.enableSerialManagement=true
dbs.endReplicaNumber=95
dbs.endRequestNumber=9990000
dbs.endSerialNumber=805306369
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
dbs.replicaCloneTransferNumber=5
dbs.replicaDN=ou=replica
dbs.replicaIncrement=100
dbs.replicaLowWaterMark=20
dbs.replicaRangeDN=ou=replica, ou=ranges
dbs.requestCloneTransferNumber=10000
dbs.requestDN=ou=ca, ou=requests
dbs.requestIncrement=10000000
dbs.requestLowWaterMark=2000000
dbs.requestRangeDN=ou=requests, ou=ranges
dbs.serialCloneTransferNumber=10000
dbs.serialDN=ou=certificateRepository, ou=ca
dbs.serialIncrement=10000000
dbs.serialLowWaterMark=2000000
dbs.serialRangeDN=ou=certificateRepository, ou=ranges

Above issue can be solved by the following patch:

@@ -409,8 +475,8 @@ public abstract class Repository implements IRepository {
                 }

                 // persist the changes
-                mDB.setMinSerialConfig(mRepo, mMinSerialNo.toString());
-                mDB.setMaxSerialConfig(mRepo, mMaxSerialNo.toString());
+                mDB.setMinSerialConfig(mRepo, mMinSerialNo.toString(mRadix));
+                mDB.setMaxSerialConfig(mRepo, mMaxSerialNo.toString(mRadix));
                 mDB.setNextMinSerialConfig(mRepo, null);
                 mDB.setNextMaxSerialConfig(mRepo, null);
             } else {

Metadata Update from @awnuk:
- Issue assigned to awnuk
- Issue set to the milestone: Random Serial Numbers Effort
7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1066

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
major
None
None
None
defect
None
None
None
None
None
None
None
None
None
None
None
None
CA
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.