Setting-up custom "Serial Number" to the certificate

no-cool-name · July 10, 2023, 3:34pm

Due to a requirement, I was trying to setup custom Serial Number to the certificate. To do this I went through the document and found two set of information one is while creation of role and other while Generating certificate using a CSR.

While creating a role we can specify the allowed_serial_numbers
Create Role

Specify a serial_number while generating a cert using the role Generate Cert

But this does not allow me to get custom serial_number for the certificate.

Any insights in this regard will be really helpful.

maxb · July 10, 2023, 6:34pm

This sounds like exactly what you’re trying to do…

… so why is it not a solution for you?

maxb · July 10, 2023, 6:41pm

Oh, I see.

The options you found, relate to serial number as a kind of thing that can be in the subject distinguished name, or subject alternative names. I was not aware of that being a thing.

It appears that Vault always generates the serial number of the certificate via random number generation and does not permit this to be overridden.

Topic		Replies	Views
How to add custom fields/attributes in x509 certificate issuance in PKI Vault k8s , connect , hcp-terraform , vault , azure , consul	0	18	November 22, 2024
PKI: In a role, how can I set/add certain cert fields as part of the issuance? Vault vault	0	301	August 4, 2022
Custom PKI Advice (Custom Certificate Format) Vault	4	252	June 9, 2022
Cannot find how to set a custom OU while issuing a certificate with Vault PKI Vault	0	167	April 12, 2024
Custom Secret-id using CLI? Vault	1	212	June 1, 2023

Setting-up custom "Serial Number" to the certificate

Related topics