Ticket #170 (new defect)
Opened 1 month ago

Cert serial numbers need to be correctly generated for more than 2 masters

Reported by: kmacmill
Assigned to: kmacmill
Priority: major
Milestone: release-1
Component: ipa-server
Version:
Keywords:
Cc:

Description

We need to store the last used certificate serial number somehow so that more than 2 replicas are set up with correctly generated certs. We could potentially leverage the starting numbers for dna.
This will be fixed in the patch for bug 431493. All certificates will be generated on the master and sent to each replica.
committed in changeset 621
QA verified, bug closed.
Build used: 4-8-2008 daily build

The following commands were performed to verify the certs:

On the IPA master:

    ipaserver-wrong[04/08/08 17:01] certutil -L -d /etc/dirsrv/slapd-IPAQA-COM/ -n "Server-Cert" | grep "Serial"
    Serial Number: 1001 (0x3e9)
    ipaserver-wrong[04/08/08 17:02] certutil -L -d /etc/httpd/alias/ -n "Server-Cert" | grep "Serial"
    Serial Number: 1002 (0x3ea)
    ipaserver-wrong[04/08/08 17:02] certutil -L -d /etc/httpd/alias/ -n "Signing-Cert" | grep Serial

On the replica server:

    [root@replica64-1 alias]# certutil -L -d /etc/dirsrv/slapd-IPAQA-COM/ -n "Server-Cert" | grep "Serial"
    Serial Number: 1004 (0x3ec)
    [root@replica64-1 alias]# certutil -L -d /etc/httpd/alias/ -n "Server-Cert" | grep "Serial"
    Serial Number: 1005 (0x3ed)