Configuring CA with Random Serial Numbers v3

Endi S. Dewata edited this page Mar 15, 2022 · 16 revisions

Overview

This page describes how to configure an existing CA to use Random Serial Numbers v3 (RSNv3).

Configuration

Stopping the Server

To stop the server:

$ pki-server stop --wait

Configuring Certificate Request ID Generator

To disable the legacy ID generator for certificate requests:

$ pki-server ca-config-unset dbs.beginRequestNumber
$ pki-server ca-config-unset dbs.endRequestNumber
$ pki-server ca-config-unset dbs.requestIncrement
$ pki-server ca-config-unset dbs.requestLowWaterMark
$ pki-server ca-config-unset dbs.requestCloneTransferNumber
$ pki-server ca-config-unset dbs.requestRangeDN

To enable the RSNv3 ID generator for certificate requests:

$ pki-server ca-config-set dbs.request.id.generator random
$ pki-server ca-config-set dbs.request.id.length 128

Configuring Certificate ID Generator

To disable the legacy ID generator for certificates:

$ pki-server ca-config-unset dbs.beginSerialNumber
$ pki-server ca-config-unset dbs.endSerialNumber
$ pki-server ca-config-unset dbs.serialIncrement
$ pki-server ca-config-unset dbs.serialLowWaterMark
$ pki-server ca-config-unset dbs.serialCloneTransferNumber
$ pki-server ca-config-unset dbs.serialRangeDN

To enable the RSNv3 ID generator for certificates:

$ pki-server ca-config-set dbs.cert.id.generator random
$ pki-server ca-config-set dbs.cert.id.length 128

Restarting the Server

To restart the server:

$ pki-server start --wait
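
The settings changed in the steps above can be audited with a small script. The following is an added example, not part of the original page or the Dogtag project's own tooling. It assumes the CA stores these parameters as key=value lines in its configuration file, whose path the operator supplies; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a key=value config file for the parameters this page
# unsets (legacy ranges) and sets (random generators, length 128).
LEGACY_KEYS="dbs.beginRequestNumber dbs.endRequestNumber dbs.requestIncrement
dbs.requestLowWaterMark dbs.requestCloneTransferNumber dbs.requestRangeDN
dbs.beginSerialNumber dbs.endSerialNumber dbs.serialIncrement
dbs.serialLowWaterMark dbs.serialCloneTransferNumber dbs.serialRangeDN"

# Print the value of an exact key; exit status 1 if the key is absent.
cfg_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2); f = 1 }
                   END { if (!f) exit 1; print v }' "$1"
}

# Return 0 only if no legacy range key remains and both generators are
# "random" with length 128; print one line per finding.
check_rsnv3() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "FAIL cannot read $cfg"; return 2; }
    for key in $LEGACY_KEYS; do
        if cfg_get "$cfg" "$key" >/dev/null; then
            echo "FAIL legacy parameter still set: $key"; rc=1
        fi
    done
    for kind in request cert; do
        gen=$(cfg_get "$cfg" "dbs.$kind.id.generator") || gen="(unset)"
        len=$(cfg_get "$cfg" "dbs.$kind.id.length") || len="(unset)"
        [ "$gen" = random ] || { echo "FAIL dbs.$kind.id.generator is $gen"; rc=1; }
        [ "$len" = 128 ] || { echo "FAIL dbs.$kind.id.length is $len"; rc=1; }
    done
    if [ "$rc" -eq 0 ]; then echo "OK $cfg"; fi
    return "$rc"
}

# Constructed sample files (values are illustrative, not from a real CA).
sample_dir=$(mktemp -d)
cat > "$sample_dir/converted.cfg" <<'EOF'
dbs.request.id.generator=random
dbs.request.id.length=128
dbs.cert.id.generator=random
dbs.cert.id.length=128
EOF
cat > "$sample_dir/partial.cfg" <<'EOF'
dbs.beginSerialNumber=1
dbs.serialRangeDN=ou=certificateRepository,ou=ranges
dbs.request.id.generator=random
dbs.request.id.length=128
EOF
check_rsnv3 "$sample_dir/converted.cfg"
check_rsnv3 "$sample_dir/partial.cfg" || echo "partial.cfg needs the remaining steps"
```

To audit a real instance, call `check_rsnv3` with the path of that instance's CA configuration file instead of the constructed samples.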