Issuing Certificate Serial Number

[budulinek]

Serial Number for the Issuing Cert is set to 1000 (see /home/labca/admin/data/serial ). This causes problems when re-installing LabCA.

how to reproduce:

• fresh LabCA installation
• upload existing Root Cert
• generate new Issuing Cert 1 (will get serial number 1000)
• finish setup, LabCA will issue server cert (using Issuing Cert)
• kill LabCA
• fresh Labca Installation
• upload existing Root Cert
• generate new Issuing Cert 2 (again, this cert will get serial number 1000)
• finish setup, LabCA will issue server cert (using Issuing Cert 2)
• Firefox refuses to load LabCA web page, complaining that "Your certificate contains the same serial number as another certificate issued by the certificate authority." ( https://support.mozilla.org/en-US/kb/Certificate-contains-the-same-serial-number-as-another-certificate )
• Check Certificate Manager in Firefox and you will see that Firefox has already imported Issuing Cert 1 (with sernumber 1000). Now it refuses to load Server cert + Issuing Cert 2 with the same sernumber

Solution: use random serial number when generating Issuing Cert.

Thanks a lot!