Configuring SerialNumberUpdateJob - dogtagpki/pki GitHub Wiki
This page describes the process to configure SerialNumberUpdateJob
for Sequential Serial Numbers in PKI 11.6 or later.
Warning: SerialNumberUpdateJob and SerialNumberUpdateTask should not be enabled at the same time.
The configuration is stored in /var/lib/pki/pki-tomcat/conf/ca/CS.cfg. It is necessary to restart the CA after making configuration changes.
By default the job is disabled. To enable the job:
$ pki-server ca-config-set jobsScheduler.job.serialNumberUpdate.enabled true
To trigger the job manually, ensure the admin’s certificate is installed on the client, then execute the following command:
$ pki -n <nickname> ca-job-start serialNumberUpdate
To trigger the job automatically using the internal scheduler, add the following parameter, then restart the CA:
$ pki-server ca-config-set jobsScheduler.job.serialNumberUpdate.cron "0 * * * *"
In the above example the job is scheduled to run every hour.
Alternatively, the job can also be triggered using an external scheduler (e.g. cron).
Ensure the admin’s certificate is installed on the client, then configure the scheduler to execute the following command:
$ pki -n <nickname> ca-job-start serialNumberUpdate
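A check that can be run against CS.cfg before restarting the CA, to confirm which of the states described above the job is in. This is an added example, not part of the Dogtag wiki or code base. The function names are hypothetical, and it assumes the last occurrence of a key wins and that a schedule has five fields like the one shown on this page.

```shell
#!/bin/sh
# Added example: report the serialNumberUpdate job state from a CS.cfg file.
# Only the two keys shown on this page are read; cfg_get and
# serial_job_state are illustrative names, not pki tooling.

# Print the value of key $2 from key=value file $1.
# Assumption: if a key appears more than once, the last occurrence is used.
cfg_get() {
    awk -v k="$2" '
        index($0, k "=") == 1 { v = substr($0, length(k) + 2); found = 1 }
        END { if (found) print v }
    ' "$1"
}

# Print one of: disabled | enabled-no-cron | enabled-bad-cron | enabled-scheduled
serial_job_state() {
    cfg=$1
    prefix=jobsScheduler.job.serialNumberUpdate
    enabled=$(cfg_get "$cfg" "$prefix.enabled")
    cron=$(cfg_get "$cfg" "$prefix.cron")

    # The job is disabled by default, so a missing key counts as disabled.
    if [ "$enabled" != "true" ]; then
        echo disabled
        return 0
    fi
    if [ -z "$cron" ]; then
        # Enabled, but it only runs when started with "pki ca-job-start"
        # by hand or from an external scheduler.
        echo enabled-no-cron
        return 0
    fi
    # Assumption: a valid schedule has five whitespace-separated fields,
    # as in the "0 * * * *" example on this page.
    set -f                  # stop "*" from globbing while counting fields
    set -- $cron
    set +f
    if [ "$#" -eq 5 ]; then
        echo enabled-scheduled
    else
        echo enabled-bad-cron
    fi
}
```

Call it as `serial_job_state /var/lib/pki/pki-tomcat/conf/ca/CS.cfg`; reading that file normally requires root or the CA's service account.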