Installing CA with Sequential Serial Numbers v1 - dogtagpki/pki GitHub Wiki

Overview

This document describes the process to install CA with Sequential Serial Numbers v1.

Installation

To enable SSNv1 for request IDs, specify the following parameters:

  • pki_request_id_generator=legacy

  • pki_request_number_range_start=<decimal>

  • pki_request_number_range_end=<decimal>

  • pki_request_number_range_increment=<decimal>

  • pki_request_number_range_minimum=<decimal>

  • pki_request_number_range_transfer=<decimal>

To enable SSNv1 for certificate serial numbers, specify the following parameters:

  • pki_cert_id_generator=legacy

  • pki_serial_number_range_start=<hexadecimal>

  • pki_serial_number_range_end=<hexadecimal>

  • pki_serial_number_range_increment=<hexadecimal>

  • pki_serial_number_range_minimum=<hexadecimal>

  • pki_serial_number_range_transfer=<hexadecimal>

Notes:

  • The hexadecimal numbers should be specified without 0x prefix.

  • Due to a bug, the hexadecimal numbers cannot contain A to F.

  • The increment, minimum, and transfer parameters are only available in PKI 10.6 or later.

See Also

Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
⚠️ **GitHub.com Fallback** ⚠️