Check for minimum serial number range when using random serial numbers

[pki-bot]

This issue was migrated from Pagure Issue #2778. Originally filed by mharmsen (@mharmsen) on 2017-07-06 20:47:32:

• Assigned to nobody

---

When using random serial numbers:

pki_random_serial_numbers_enable=True

the following default pki serial number range is specified in '/etc/pki/default.cfg':

pki_serial_number_range_start=1
pki_serial_number_range_end=10000000

However, if the admin overrides this range in their user-provided pkispawn configuration file, their specified range must consist of at least eight numbers (requiring four-bits), or installation will fail with a message such as:

. . .
pkispawn    : INFO     ....... configuring PKI configuration data.

Installation failed:
com.netscape.certsrv.base.PKIException: Error in setting certificate names and k
ey sizes: Range size is too small to support random certificate serial numbers.

Please check the CA logs in /var/log/pki/pki-tomcat/ca.

A side-effect of this error is that the un-configured pki server instance will remain running.

This ticket has been created to add a serial number range check into the python code of pkispawn when random serial numbers have been specified to prevent installation if an inadequate serial number range has been specified.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-07-06 20:48:15

Metadata Update from @mharmsen:

• Custom field component adjusted to General
• Custom field feature adjusted to ''
• Custom field origin adjusted to Community
• Custom field proposedmilestone adjusted to ''
• Custom field proposedpriority adjusted to ''
• Custom field reviewer adjusted to ''
• Custom field type adjusted to defect
• Custom field version adjusted to ''
• Issue priority set to: minor
• Issue set to the milestone: 10.5

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-10-25 18:52:52

[20171025] - Offline Triage ==> 10.6

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-10-25 18:52:56

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.6 (was: 10.5)