OpenSolaris

Bug ID 6612107
Synopsis pktool list objtype=cert Serial: oddity
State 10-Fix Delivered (Fix available in build)
Category:Subcategory solaris-crypto:key_mgmt_tools
Keywords
Responsible Engineer Wyllys Ingersoll
Reported Against snv_60
Duplicate Of
Introduced In solaris_nevada
Commit to Fix snv_76
Fixed In snv_76
Release Fixed solaris_nevada(snv_76)
Related Bugs
Submit Date 2-October-2007
Last Update Date 29-October-2007
Description
I used pktool to create a self-signed cert:
   pktool gencert keystore=file \
    outcert=etc/certs/Bogus \
    outkey=etc/keys/Bogus \
    subject="CN=Bogus,OU=Solaris Cryptographic Framework,O=Sun Microsystems" \
    serial=0x9999

I wanted to see the results.  The invocation:
    pktool list keystore=file objtype=cert dir=etc/certs
displays in part:

 16. (X.509 certificate)
         Filename: etc/certs/Bogus
         ID: 55:83:45:b4:f5:b0:66:71:b2:99:4d:19:59:40:9a:dd:bf:3d:bf:f0
         Subject: O= xxxxx OU=Solaris Cryptographic Framework, CN=Bogus
         Issuer: O= xxxxx OU=Solaris Cryptographic  Framework, CN=Bogus
         Serial: 0x-6667

Please note the Serial value.
The pktool manpage (my sole source of information on
certificate serial numbers) says:
     serial=hex-serial-number 
         Specifies a unique serial number for a certificate.  The
         serial number must be specified as a hex value. Example:
         0x0102030405060708090a0b0c0d0e0f

There's nothing there to suggest that the serial is to be treated as
a 2's complement signed number.  Further, pktool gencert with
    ... serial=0x-6667 ...
just gives a usage message.
Work Around
N/A
Comments
N/A
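
The displayed value is consistent with the two serial bytes 0x99 0x99 being read as a two's complement number (0x9999 - 0x10000 = -0x6667). The following added example, which is not pktool's source and uses hypothetical function names, reproduces that arithmetic and shows the 0x00 pad byte that DER encoding uses to keep such a serial non-negative.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: prefix + hex of big-endian bytes, leading zero bytes skipped. */
static void fmt_hex(const char *pre, const unsigned char *b, size_t n, char *out, size_t outsz)
{
    size_t i = 0, pos = (size_t)snprintf(out, outsz, "%s", pre);
    while (n > 1 && i < n - 1 && b[i] == 0)
        i++;
    for (; i < n && pos + 2 < outsz; i++)
        pos += (size_t)snprintf(out + pos, outsz - pos, "%02x", b[i]);
}

/* Format bytes read as two's complement (ASN.1 INTEGER rule); >32 bytes print unsigned. */
void serial_as_signed(const unsigned char *b, size_t n, char *out, size_t outsz)
{
    unsigned char mag[32];
    unsigned int carry = 1, v;
    size_t i;
    if (n == 0 || n > sizeof(mag) || !(b[0] & 0x80)) {
        fmt_hex("0x", b, n, out, outsz);      /* sign bit clear: non-negative */
        return;
    }
    for (i = n; i-- > 0; ) {                  /* negate: invert bits, add one */
        v = (unsigned int)(b[i] ^ 0xff) + carry;
        mag[i] = (unsigned char)(v & 0xff);
        carry = v >> 8;
    }
    fmt_hex("0x-", mag, n, out, outsz);
}

/* DER content for a non-negative serial: 0x00 pad if top bit set; out holds n + 1 bytes. */
size_t der_positive_content(const unsigned char *b, size_t n, unsigned char *out)
{
    size_t pad = (n > 0 && (b[0] & 0x80)) ? 1 : 0;
    out[0] = 0x00;
    memcpy(out + pad, b, n);
    return n + pad;
}

int main(void)
{
    const unsigned char raw[] = { 0x99, 0x99 };   /* serial=0x9999 from the report */
    unsigned char der[sizeof(raw) + 1];
    char a[40], b[40];
    serial_as_signed(raw, sizeof(raw), a, sizeof(a));
    serial_as_signed(der, der_positive_content(raw, sizeof(raw), der), b, sizeof(b));
    printf("unpadded: %s   padded: %s\n", a, b);
    return 0;
}
```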