Red Hat Bugzilla – Bug 747959
[RFE] Support random serial numbers in IPA certificates
Last modified: 2017-10-03 21:19:53 EDT
Description of problem:
If re-installing an IPA server, the SSL cert for the IPA admin UI will get the same serial number as before. Firefox will then refuse to connect to the site with the error code sec_error_reused_issuer_and_serial.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. ipa-server-install --uninstall
3. Connect to the IPA server using Firefox
Maybe the certificate can be in some way tied to the time-stamp? That would be an easy way of making it monotonically increasing.
*** Bug 1346993 has been marked as a duplicate of this bug. ***
This change won't make 7.4. Fixing in 7.5 depends on upstream capacity.
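As an added illustration (not code from IPA, Dogtag or Firefox), the sketch below models the failure described in this report and the requested fix: a client that remembers certificates by issuer and serial number rejects a different certificate reusing that pair, while random serials avoid the reuse after a reinstall. The issuer DN, the counter that restarts at 1 and the certificate bytes are constructed assumptions.

```python
import hashlib
import secrets

MAX_SERIAL_BITS = 159  # RFC 5280: positive INTEGER of at most 20 DER octets


def random_serial(bits=128):
    """Return a non-zero random serial that is positive in DER and <= 20 octets."""
    if not 64 <= bits <= MAX_SERIAL_BITS:
        raise ValueError("bits must be between 64 and 159")
    while True:
        serial = secrets.randbits(bits)
        if serial:  # zero is not a valid serial number
            return serial


def der_integer_length(value):
    """Content octets of a positive DER INTEGER, including room for the sign bit."""
    return value.bit_length() // 8 + 1


class SeenCerts:
    """Model of a client that remembers certificates by (issuer, serial)."""

    def __init__(self):
        self._seen = {}

    def accept(self, issuer, serial, cert_der):
        """False when a different certificate reuses a known issuer/serial pair."""
        digest = hashlib.sha256(cert_der).hexdigest()
        return self._seen.setdefault((issuer, serial), digest) == digest


def reinstall_collides(next_serial, issuer="CN=Certificate Authority,O=EXAMPLE.TEST"):
    """Issue a cert, reinstall the CA under the same issuer DN, issue again."""
    client = SeenCerts()
    client.accept(issuer, next_serial(), b"constructed cert, install 1")
    return not client.accept(issuer, next_serial(), b"constructed cert, install 2")


def restarted_counter():
    """Assumed model: each fresh install hands out the same first serial."""
    return 1


if __name__ == "__main__":
    print("sequential:", reinstall_collides(restarted_counter))
    print("random:    ", reinstall_collides(random_serial))
```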