Configuring CA with Random Serial Numbers v1 - dogtagpki/pki GitHub Wiki

Enabling RSNv1

To enable automatic serial number range management, either modify CS.cfg by setting

dbs.enableSerialManagement=true

and then restart the CA, or go to the console and enable automatic serial number range management from the console UI:

Enable automatic serial number range management

Random certificate serial numbers can be enabled once automatic serial number range management is on. This can be done by setting

dbs.enableRandomSerialNumbers=true

in CS.cfg and restarting the CA, or simply by enabling random certificate serial numbers from the console UI:

Enable random certificate serial numbers

Once random certificate serial numbers are enabled, the console UI should show the following information:

Enable random certificate serial numbers

Note: It is safer to use the console when switching between the sequential and random methods of certificate serial number assignment.

Enabling RSNv1 without Console

The following steps enable random certificate serial numbers without the console:

  • Stop CA

  • Set enableRandomSerialNumbers to true

    dbs.enableRandomSerialNumbers=true

  • Set forceModeChange to true

    dbs.forceModeChange=true

  • Start CA
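The two CS.cfg edits from the steps above can be scripted so that they are refused when automatic serial number range management is not already on. The following is an added example, not code from the dogtagpki project: the function names and the `.bak` suffix are assumptions, the CS.cfg path is passed as an argument, and stopping and starting the CA is left to the operator.

```shell
#!/bin/sh
# Added example (not project code): offline CS.cfg edit for RSNv1.
# Run it only while the CA is stopped. Function names are assumptions.

# cfg_get FILE KEY: print KEY's value (last occurrence wins, empty if absent).
cfg_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# cfg_set FILE KEY VALUE: replace the first KEY= line (dropping duplicates) or append it.
cfg_set() {
    tmp="$1.tmp.$$"
    ( umask 077    # CS.cfg can hold secrets; keep the scratch copy private
      awk -v k="$2" -v v="$3" '
          index($0, k "=") == 1 { if (!done) print k "=" v; done = 1; next }
          { print }
          END { if (!done) print k "=" v }' "$1" > "$tmp" ) || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$1"    # write through, so owner and mode of CS.cfg are unchanged
    rm -f "$tmp"
}

# enable_rsnv1 FILE: returns 1 (and changes nothing) unless range management is on.
enable_rsnv1() {
    cfg="$1"
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    if [ "$(cfg_get "$cfg" dbs.enableSerialManagement)" != "true" ]; then
        echo "dbs.enableSerialManagement is not true; enable it first" >&2
        return 1
    fi
    cp -p "$cfg" "$cfg.bak" || return 2    # rollback copy (".bak" is this example's choice)
    cfg_set "$cfg" dbs.enableRandomSerialNumbers true &&
    cfg_set "$cfg" dbs.forceModeChange true
}

# Demo on a constructed CS.cfg fragment (not a real CA configuration).
demo_rsnv1() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'dbs.enableSerialManagement=true' \
                  'dbs.enableRandomSerialNumbers=false' > "$d/CS.cfg"
    enable_rsnv1 "$d/CS.cfg" && cat "$d/CS.cfg"
    rm -rf "$d"
}

# With one argument, edit that CS.cfg; with none, run the demo.
if [ "$#" -eq 1 ]; then enable_rsnv1 "$1"; else demo_rsnv1; fi
```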
