Configuring CA with Random Serial Numbers v1
To enable automatic serial number range management either modify CS.cfg by setting
dbs.enableSerialManagement=true
then restart CA or go console and enable automatic serial number range management from console UI
Random certificate serial numbers can be enabled once automatic serial number range management is on. This can be done by setting
dbs.enableRandomSerialNumbers=true
in CS.cfg and restarting CA or simply by enabling random certificate serial numbers from console UI
Once random certificate serial numbers, console UI should show the following information:
Note: It is safer to use console when switching between sequential and random method of certificate serial number assignment.
Here are steps allowing to enable random certificate serial numbers without console:
-
Stop CA
-
Set enableRandomSerialNumbers to true
dbs.enableRandomSerialNumbers=true
-
Set forceModeChange to true
dbs.forceModeChange=true
-
Start CA