Installing KRA with Random Serial Numbers v3

Endi S. Dewata edited this page Feb 23, 2022 · 8 revisions

Overview

This page describes the process to install a KRA subsystem with random serial numbers in PKI 11.2 or later.

Installation Procedure

To install KRA with random serial numbers, follow the normal KRA installation procedure, then specify the parameters described below.

To use random key IDs, add the following parameter in the [KRA] section:

pki_key_id_generator=random

The key ID length (in bits) can be specified with the pki_key_id_length parameter. The default is 160 bits.

To use random key request IDs, add the following parameter in the [KRA] section:

pki_request_id_generator=random

The key request ID length (in bits) can be specified with the pki_request_id_length parameter. The default is 160 bits.

Verification

Perform a Key Archival or a Certificate Enrollment with Key Archival. The keys will have random IDs, for example:

$ pki -n admin kra-key-find
----------------
1 key(s) matched
----------------
  Key ID: 0x2f878a4af02f0001ed8a0dc89d842cdc5ab86a84
  ...
----------------------------
Number of entries returned 1
----------------------------

The key requests will also have random IDs, for example:

$ pki -n admin kra-key-request-find
-----------------
1 entries matched
-----------------
  Request ID: 0xd53e7370514171a67b8c58c8e9c0426a2bb1b462
  ...
----------------------------
Number of entries returned 1
----------------------------
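
The check above can be scripted. The following is an added example, not part of the original wiki page or the PKI project's code: a shell function that reads the output of either command and flags any Key ID or Request ID that is longer than the configured bit length or short enough to look like a sequential ID. The names check_random_ids and sample_output and the half-length threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check that IDs printed by `pki -n admin kra-key-find` or
# `pki -n admin kra-key-request-find` look like random IDs of the configured length.

# check_random_ids BITS   (BITS defaults to 160, the default length on this page)
#   stdin : output of one of the two commands above
#   stdout: "ok <id>" or "suspect <id>" for every Key ID / Request ID line
#   status: 0 only if at least one ID was found and none is suspect
check_random_ids() {
    awk -v bits="${1:-160}" '
        /^[ \t]*(Key|Request) ID:/ {
            id = $NF
            hex = tolower(id)
            sub(/^0x/, "", hex)
            seen++
            max = int((bits + 3) / 4)   # most hex digits a BITS-bit value can have
            min = int(max / 2)          # heuristic floor (assumption): allows for
                                        # leading zero digits not being printed
            if (hex !~ /^[0-9a-f]+$/ || length(hex) > max || length(hex) < min) {
                bad++
                print "suspect " id
            } else {
                print "ok " id
            }
        }
        END { if (seen == 0 || bad > 0) exit 1 }
    '
}

# Sample input: the kra-key-find output shown on this page.
sample_output() {
    cat <<'EOF'
----------------
1 key(s) matched
----------------
  Key ID: 0x2f878a4af02f0001ed8a0dc89d842cdc5ab86a84
  ...
----------------------------
Number of entries returned 1
----------------------------
EOF
}

sample_output | check_random_ids 160
```

Against a live instance, pipe the command output into the function, for example `pki -n admin kra-key-find | check_random_ids 160`, and pass the value of pki_key_id_length or pki_request_id_length if it was changed from the default.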