Random serial number on clone CA is not enabled after required configuration changes are made to master CA CS.cfg

pki-bot / pki-issues-final

0 stars 0 forks source link

Random serial number on clone CA is not enabled after required configuration changes are made to master CA CS.cfg #1696

Open pki-bot opened 3 years ago

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #1708. Originally filed by rpattath (@rpattath) on 2015-12-07 19:02:06:

Assigned to vakwetu (@vakwetu)

Random serial number on clone CA is not enabled after required configuration changes are made to master CA CS.cfg

Steps to Reproduce:

1. Configure master and clone CA
2. stop master CA service
3. Enable random serial number on master CA by changing the following
parameters
dbs.enableRandomSerialNumbers=true
dbs.forceModeChange=true
dbs.randomSerialNumberCounter=-2
4. start master CA service
5. random serial number is successfully enabled on the master CA
6. Wait for the certificate repository maintenance thread to be run

Actual results:

random serial number is not enabled on the clone CA after the thread is run.

Expected results:

random serial number should be enabled on the clone CA after the thread is run.

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2015-12-08 18:53:12

On December 7, 2015, rpattath confirmed the following work-around:

If random serial number is manually enabled on the clone CA by editing CS.cfg,
the random serial number is generated for every cert issued after that.

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2015-12-08 18:55:24

Per the documented work-around in comment 2 above, and by proposal made in CS/DS meeting of 12/07/2015: 10.3 - minor

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2016-12-01 21:13:53

Per Offline Triage of 11/30/2016-12/01/2016: FUTURE - major

pki-bot commented 3 years ago

Comment from rpattath (@rpattath) at 2017-02-27 14:05:42

Metadata Update from @rpattath:

Issue assigned to vakwetu
Issue set to the milestone: FUTURE

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2018-04-23 21:05:02

Per 10.5.x/10.6 Triage: FUTURE

RHBZ: CLOSED UPSTREAM

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2018-04-23 21:05:03

Metadata Update from @mharmsen:

Custom field feature adjusted to None
Custom field proposedmilestone adjusted to None
Custom field proposedpriority adjusted to None
Custom field reviewer adjusted to None
Custom field rhbz reset (from https://bugzilla.redhat.com/show_bug.cgi?id=1286834)
Custom field version adjusted to None
Issue close_status updated to: None