Configuring KRA with Random Serial Numbers v3
Endi S. Dewata edited this page Mar 16, 2022 · 11 revisions
This page describes the process to switch the ID generators in an existing KRA from the legacy Sequential Serial Numbers to Random Serial Numbers v3.
Warning: Switching back from Random Serial Numbers v3 to the legacy Sequential Serial Numbers is not supported.
To disable the legacy ID generator for key requests:
$ pki-server kra-config-unset dbs.beginRequestNumber
$ pki-server kra-config-unset dbs.endRequestNumber
$ pki-server kra-config-unset dbs.requestIncrement
$ pki-server kra-config-unset dbs.requestLowWaterMark
$ pki-server kra-config-unset dbs.requestCloneTransferNumber
$ pki-server kra-config-unset dbs.requestRangeDN
To enable the RSNv3 ID generator for key requests:
$ pki-server kra-config-set dbs.request.id.generator random
$ pki-server kra-config-set dbs.request.id.length 128
To disable the legacy ID generator for keys:
$ pki-server kra-config-unset dbs.beginSerialNumber
$ pki-server kra-config-unset dbs.endSerialNumber
$ pki-server kra-config-unset dbs.serialIncrement
$ pki-server kra-config-unset dbs.serialLowWaterMark
$ pki-server kra-config-unset dbs.serialCloneTransferNumber
$ pki-server kra-config-unset dbs.serialRangeDN
To enable the RSNv3 ID generator for keys:
$ pki-server kra-config-set dbs.key.id.generator random
$ pki-server kra-config-set dbs.key.id.length 128
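Because switching back is not supported, it is worth confirming that all four steps above were applied and that no legacy range parameter was left behind. The script below is an added example, not part of the Dogtag PKI wiki or code base: it audits a KRA configuration file for leftover legacy parameters and for the RSNv3 settings. It assumes the parameters are stored one per line as name=value in the file passed as the first argument; the helper names (cfg_get, cfg_has, check_rsnv3) are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a KRA config after the switch.
# Assumption: each parameter is stored on its own line as name=value.

# Legacy Sequential Serial Numbers parameters that the page unsets.
LEGACY_PARAMS="dbs.beginRequestNumber dbs.endRequestNumber dbs.requestIncrement
dbs.requestLowWaterMark dbs.requestCloneTransferNumber dbs.requestRangeDN
dbs.beginSerialNumber dbs.endSerialNumber dbs.serialIncrement
dbs.serialLowWaterMark dbs.serialCloneTransferNumber dbs.serialRangeDN"

# cfg_get FILE NAME: print the value of the last NAME=value line, if any.
cfg_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2); f = 1 }
                   END { if (f) print v }' "$1"
}

# cfg_has FILE NAME: succeed if NAME is set at all, even to an empty value.
cfg_has() {
    awk -v k="$2" 'index($0, k "=") == 1 { f = 1 } END { exit !f }' "$1"
}

# check_rsnv3 FILE: print one finding per line; return 0 only if nothing is wrong.
check_rsnv3() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg"; return 2; }
    for p in $LEGACY_PARAMS; do
        if cfg_has "$cfg" "$p"; then
            echo "LEGACY $p is still set"
            rc=1
        fi
    done
    for kind in request key; do
        gen=$(cfg_get "$cfg" "dbs.$kind.id.generator")
        len=$(cfg_get "$cfg" "dbs.$kind.id.length")
        [ "$gen" = "random" ] || { echo "MISSING dbs.$kind.id.generator=random (found '$gen')"; rc=1; }
        [ "$len" = "128" ] || { echo "MISSING dbs.$kind.id.length=128 (found '$len')"; rc=1; }
    done
    return "$rc"
}

# Stand-alone use: pass the path to the KRA configuration file as the first argument.
if [ "$#" -gt 0 ]; then check_rsnv3 "$1"; fi
```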