labca
labca copied to clipboard
Issuing Certificate Serial Number
Serial Number for the Issuing Cert is set to 1000 (see /home/labca/admin/data/serial ). This causes problems when re-installing LabCA.
how to reproduce:
- fresh LabCA installation
- upload existing Root Cert
- generate new Issuing Cert 1 (will get serial number 1000)
- finish setup, LabCA will issue server cert (using Issuing Cert)
- kill LabCA
- fresh Labca Installation
- upload existing Root Cert
- generate new Issuing Cert 2 (again, this cert will get serial number 1000)
- finish setup, LabCA will issue server cert (using Issuing Cert 2)
- Firefox refuses to load LabCA web page, complaining that "Your certificate contains the same serial number as another certificate issued by the certificate authority." ( https://support.mozilla.org/en-US/kb/Certificate-contains-the-same-serial-number-as-another-certificate )
- Check Certificate Manager in Firefox and you will see that Firefox has already imported Issuing Cert 1 (with sernumber 1000). Now it refuses to load Server cert + Issuing Cert 2 with the same sernumber
Solution: use random serial number when generating Issuing Cert.
Thanks a lot!