Setting-up custom "Serial Number" to the certificate

no-cool-name · July 10, 2023, 3:34pm

Due to a requirement, I was trying to setup custom Serial Number to the certificate. To do this I went through the document and found two set of information one is while creation of role and other while Generating certificate using a CSR.

While creating a role we can specify the allowed_serial_numbers
Create Role

Specify a serial_number while generating a cert using the role Generate Cert

But this does not allow me to get custom serial_number for the certificate.

Any insights in this regard will be really helpful.

maxb · July 10, 2023, 6:34pm

This sounds like exactly what you’re trying to do…

… so why is it not a solution for you?

maxb · July 10, 2023, 6:41pm

Oh, I see.

The options you found, relate to serial number as a kind of thing that can be in the subject distinguished name, or subject alternative names. I was not aware of that being a thing.

It appears that Vault always generates the serial number of the certificate via random number generation and does not permit this to be overridden.