Have unique serial number for certs

When creating a self generated certificate, we should have unique serial numbers. The upper limit for serial is 2^160 but in the changes i am keeping it 30 as otherwise it will just be a really long number which is hard to access and it has a low probability that we have 2 self signed certificates generated by us with same serial number.
truenas · Apr 27, 2021 · 3909aea · 3909aea
1 parent 106603d
commit 3909aea
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/middlewared/middlewared/plugins/crypto.py b/src/middlewared/middlewared/plugins/crypto.py
@@ -823,7 +823,7 @@ def generate_builder(self, options):
                 not_valid_before
             ).not_valid_after(
                 not_valid_after
-            ).serial_number(options.get('serial') or 1)
+            ).serial_number(options.get('serial') or random.randint(1000, pow(2, 30)))
 
         if san:
             cert = cert.add_extension(san, False)