Bug 430034 - Cert serial numbers need to be correctly generated for more than 2 masters
Summary: Cert serial numbers need to be correctly generated for more than 2 masters
Status: CLOSED ERRATA
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server   
(Show other bugs)
Version: 1.0
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Keywords:
Depends On: 431493
Blocks: freeipa10 429034
TreeView+ depends on / blocked
 
Reported: 2008-01-24 07:15 UTC by Chandrasekar Kannan
Modified: 2012-03-27 07:13 UTC (History)
5 users (show)

Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-27 07:13:58 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Chandrasekar Kannan 2008-01-24 07:15:50 UTC
Ticket #170 (new defect)

Opened 1 month ago
Cert serial numbers need to be correctly generated for more than 2 masters
Reported by: 	kmacmill 	Assigned to: 	kmacmill
Priority: 	major 	Milestone: 	release-1
Component: 	ipa-server 	Version: 	
Keywords: 		Cc: 	
Description ¶

We need to store the last used certificate serial number somehow so that more than 2 replicas are setup with correctly generated certs. We could potentially leverage the starting numbers for dna.

Comment 3 Rob Crittenden 2008-02-05 16:05:51 UTC
This will be fixed in the patch for bug 431493.

All certificates will be generated on the master and sent to each replica.

Comment 4 Rob Crittenden 2008-02-05 18:54:19 UTC
committed in changeset 621

Comment 5 Yi Zhang 2008-04-09 00:37:50 UTC
qa verified, bug closed
build used: 4-8-2008 daily build

The following cmd performed to verify the certs:

on ipa master: 
ipaserver-wrong[04/08/08 17:01] certutil -L -d /etc/dirsrv/slapd-IPAQA-COM/ -n
"Server-Cert" | grep "Serial"
        Serial Number: 1001 (0x3e9)
ipaserver-wrong[04/08/08 17:02] certutil -L -d /etc/httpd/alias/ -n
"Server-Cert" | grep "Serial"
        Serial Number: 1002 (0x3ea)
ipaserver-wrong[04/08/08 17:02] certutil -L -d /etc/httpd/alias/ -n
"Signing-Cert" | grep Serial

on replica server
[root@replica64-1 alias]# certutil -L -d /etc/dirsrv/slapd-IPAQA-COM/ -n
"Server-Cert" | grep "Serial"
        Serial Number: 1004 (0x3ec)
[root@replica64-1 alias]# certutil -L -d /etc/httpd/alias/ -n "Server-Cert" |
grep "Serial"
        Serial Number: 1005 (0x3ed)


Note You need to log in before you can comment on or make changes to this bug.