Bug 430034 - Cert serial numbers need to be correctly generated for more than 2 masters
Status: CLOSED ERRATA
Product: freeIPA
Classification: Community
Component: ipa-server
Version: 1.0
Hardware: All
OS: Linux
Priority: high
Severity: high
Assigned To: Rob Crittenden
QA Contact: Chandrasekar Kannan
Depends On: 431493
Blocks: freeipa10 429034
Reported: 2008-01-24 02:15 EST by Chandrasekar Kannan
Modified: 2012-03-27 03:13 EDT
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Last Closed: 2012-03-27 03:13:58 EDT


Description Chandrasekar Kannan 2008-01-24 02:15:50 EST
Ticket #170 (new defect)

Opened 1 month ago
Cert serial numbers need to be correctly generated for more than 2 masters
Reported by: kmacmill
Assigned to: kmacmill
Priority: major
Milestone: release-1
Component: ipa-server
Description

We need to store the last used certificate serial number somehow so that more than 2 replicas are set up with correctly generated certs. We could potentially leverage the starting numbers for dna.
Comment 3 Rob Crittenden 2008-02-05 11:05:51 EST
This will be fixed in the patch for bug 431493.

All certificates will be generated on the master and sent to each replica.
Comment 4 Rob Crittenden 2008-02-05 13:54:19 EST
committed in changeset 621
Comment 5 Yi Zhang 2008-04-08 20:37:50 EDT
qa verified, bug closed
build used: 4-8-2008 daily build

The following commands were performed to verify the certs:

on ipa master: 
ipaserver-wrong[04/08/08 17:01] certutil -L -d /etc/dirsrv/slapd-IPAQA-COM/ -n "Server-Cert" | grep "Serial"
        Serial Number: 1001 (0x3e9)
ipaserver-wrong[04/08/08 17:02] certutil -L -d /etc/httpd/alias/ -n "Server-Cert" | grep "Serial"
        Serial Number: 1002 (0x3ea)
ipaserver-wrong[04/08/08 17:02] certutil -L -d /etc/httpd/alias/ -n "Signing-Cert" | grep Serial

on replica server
[root@replica64-1 alias]# certutil -L -d /etc/dirsrv/slapd-IPAQA-COM/ -n "Server-Cert" | grep "Serial"
        Serial Number: 1004 (0x3ec)
[root@replica64-1 alias]# certutil -L -d /etc/httpd/alias/ -n "Server-Cert" | grep "Serial"
        Serial Number: 1005 (0x3ed)
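
The manual check in comment 5, turned into a script that fails when any serial number is carried by more than one certificate across servers. This is an added example, not part of the original bug report or of FreeIPA; the input format, the labels and the function names are assumptions, and the collision sample is constructed.

```shell
#!/bin/sh
# Added example: detect certificate serial numbers reused across IPA servers.
# Input (format assumed by this example): one line per certificate,
#   <label><TAB><"Serial Number: N (0xH)" line as printed by certutil -L>

# serial_line DBDIR NICKNAME: emit one input line for a local NSS database,
# using the same certutil invocation as the verification above.
serial_line() {
    printf '%s:%s:%s\t%s\n' "$(hostname)" "$1" "$2" \
        "$(certutil -L -d "$1" -n "$2" | grep 'Serial Number')"
}

# find_duplicate_serials: read input lines on stdin and report every serial
# carried by more than one certificate. A line with no readable serial is
# also a failure, so a missing certificate cannot pass silently.
# Exit status: 0 = all serials unique, 1 = duplicate or unparsed line.
find_duplicate_serials() {
    awk -F'\t' '
        BEGIN { bad = 0 }
        {
            if (match($2, /Serial Number: *[0-9]+/) == 0) {
                printf "UNPARSED %s\n", $1; bad = 1; next
            }
            s = substr($2, RSTART, RLENGTH); sub(/.*: */, "", s)
            if (count[s]++) where[s] = where[s] ", " $1; else where[s] = $1
        }
        END {
            for (s in count) if (count[s] > 1) {
                printf "DUPLICATE serial %s: %s\n", s, where[s]; bad = 1
            }
            exit bad
        }'
}

# Serial lines as recorded in the verification above (labels are made up).
sample_verified() {
    printf 'master:dirsrv:Server-Cert\t        Serial Number: 1001 (0x3e9)\n'
    printf 'master:httpd:Server-Cert\t        Serial Number: 1002 (0x3ea)\n'
    printf 'replica:dirsrv:Server-Cert\t        Serial Number: 1004 (0x3ec)\n'
    printf 'replica:httpd:Server-Cert\t        Serial Number: 1005 (0x3ed)\n'
}

# Constructed collision: a second server numbering from the same start, plus
# a certificate whose serial line is missing.
sample_collision() {
    printf 'master:dirsrv:Server-Cert\t        Serial Number: 1001 (0x3e9)\n'
    printf 'replica:dirsrv:Server-Cert\t        Serial Number: 1001 (0x3e9)\n'
    printf 'replica:httpd:Signing-Cert\t\n'
}
```

On real servers, collect the output of serial_line from each host into one file and pipe it to find_duplicate_serials.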
