Enable RSNv3 by default

The default.cfg has been updated such that new CA and KRA
installations will have RSNv3 enabled by default. Existing
installations will not be affected.

The tests have been updated to no longer enable RSNv3
explicitly since it's redundant.

The test for CA with CMC shared token has been updated to
handle large serial numbers.

The test for CA with RSNv1 has been updated to explicitly
use the legacy ID generators.

Resolves: https://issues.redhat.com/browse/RHCS-3689

.github/workflows/acme-certbot-test.yml

@@ -55,8 +55,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Install CA admin cert

.github/workflows/acme-postgresql-test.yml

@@ -54,8 +54,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Install CA admin cert

.github/workflows/acme-switchover-test.yml

@@ -55,8 +55,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Set up ACME database in DS container

.github/workflows/ca-admin-user-test.yml

@@ -53,8 +53,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check CA users

.github/workflows/ca-basic-test.yml

@@ -54,8 +54,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check CA certs and keys

.github/workflows/ca-clone-hsm-test.yml

@@ -85,8 +85,6 @@ jobs:
               -D pki_audit_signing_token=HSM \
               -D pki_subsystem_token=HSM \
               -D pki_sslserver_token=internal \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check system certs in internal token
@@ -173,8 +171,6 @@ jobs:
               -D pki_audit_signing_token=HSM \
               -D pki_subsystem_token=HSM \
               -D pki_sslserver_token=internal \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check system certs in internal token
@@ -344,8 +340,6 @@ jobs:
               -D pki_subsystem_token=HSM \
               -D pki_subsystem_csr_path=${SHARED}/subsystem.csr \
               -D pki_sslserver_token=internal \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check system certs in internal token

.github/workflows/ca-clone-replicated-ds-test.yml

@@ -55,8 +55,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://primaryds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -D pki_client_admin_cert_p12=$SHARED/caadmin.p12 \
               -v
 
@@ -252,8 +250,6 @@ jobs:
               -D pki_clone_pkcs12_password=Secret.123 \
               -D pki_ds_url=ldap://secondaryds.example.com:3389 \
               -D pki_ds_setup=False \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check system certs in primary CA and secondary CA

.github/workflows/ca-clone-secure-ds-test.yml

@@ -105,8 +105,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca-secure-ds-primary.cfg \
               -s CA \
               -D pki_ds_url=ldaps://primaryds.example.com:3636 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
           docker exec primary pki-server cert-find
@@ -217,8 +215,6 @@ jobs:
               -D pki_cert_chain_path=${SHARED}/ca_signing.crt \
               -D pki_clone_pkcs12_path=${SHARED}/ca-certs.p12 \
               -D pki_ds_url=ldaps://secondaryds.example.com:3636 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
           docker exec secondary pki-server cert-find
@@ -270,8 +266,6 @@ jobs:
               -D pki_cert_chain_path=${SHARED}/ca_signing.crt \
               -D pki_clone_pkcs12_path=${SHARED}/ca-certs.p12 \
               -D pki_ds_url=ldaps://secondaryds.example.com:3636 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Gather artifacts from primary containers

.github/workflows/ca-clone-shared-ds-test.yml

@@ -54,8 +54,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Export certs and keys from primary CA
@@ -89,8 +87,6 @@ jobs:
               -D pki_clone_pkcs12_password=Secret.123 \
               -D pki_ds_url=ldap://ds.example.com:3389 \
               -D pki_ds_setup=False \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check system certs in primary CA and secondary CA

.github/workflows/ca-clone-test.yml

@@ -54,8 +54,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://primaryds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
           docker exec primary pki-server cert-find
@@ -107,8 +105,6 @@ jobs:
               -D pki_clone_pkcs12_path=${SHARED}/ca-certs.p12 \
               -D pki_clone_pkcs12_password=Secret.123 \
               -D pki_ds_url=ldap://secondaryds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
           docker exec secondary pki-server cert-find
@@ -256,8 +252,6 @@ jobs:
               -D pki_audit_signing_csr_path=${SHARED}/ca_audit_signing.csr \
               -D pki_subsystem_csr_path=${SHARED}/subsystem.csr \
               -D pki_ds_url=ldap://tertiaryds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
           docker exec tertiary pki-server cert-find

.github/workflows/ca-cmc-shared-token-test.yml

@@ -277,7 +277,7 @@ jobs:
           HEX_SERIAL=$(cat testuser.serial)
           echo "Hex serial: $HEX_SERIAL"
 
-          DEC_SERIAL=$((16#${HEX_SERIAL:2}))
+          DEC_SERIAL=$(python -c "print(int('$HEX_SERIAL', 16))")
           echo "Dec serial: $DEC_SERIAL"
 
           SHARED_TOKEN=$(cat token.txt)

.github/workflows/ca-crl-test.yml

@@ -59,8 +59,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Configure caUserCert profile

.github/workflows/ca-ds-connection-test.yml

@@ -54,8 +54,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
           docker exec pki pki-server ca-config-set internaldb.minConns 0
           docker exec pki pki-server restart --wait

.github/workflows/ca-ecc-test.yml

@@ -54,8 +54,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca-ecc.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -D pki_enable_access_log=False \
               -v
 

.github/workflows/ca-existing-certs-test.yml

@@ -232,8 +232,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -D pki_external=True \
               -D pki_external_step_two=False \
               -v
@@ -242,8 +240,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -D pki_external=True \
               -D pki_external_step_two=True \
               -D pki_pkcs12_path=ca-certs.p12 \

.github/workflows/ca-existing-ds-test.yml

@@ -221,8 +221,6 @@ jobs:
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
               -D pki_ds_setup=False \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Run PKI healthcheck

.github/workflows/ca-existing-hsm-test.yml

@@ -345,8 +345,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -D pki_existing=True \
               -D pki_hsm_enable=True \
               -D pki_token_name=HSM \

.github/workflows/ca-existing-nssdb-test.yml

@@ -246,8 +246,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -D pki_existing=True \
               -D pki_ca_signing_csr_path=ca_signing.csr \
               -D pki_ocsp_signing_csr_path=ca_ocsp_signing.csr \

.github/workflows/ca-hsm-test.yml

@@ -83,8 +83,6 @@ jobs:
               -D pki_audit_signing_token=HSM \
               -D pki_subsystem_token=HSM \
               -D pki_sslserver_token=internal \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check system certs in internal token

.github/workflows/ca-non-default-user-test.yml

@@ -63,8 +63,6 @@ jobs:
               -D pki_user=pki \
               -D pki_group=pki \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check PKI server process

.github/workflows/ca-notification-request-test.yml

@@ -66,8 +66,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       # https://github.com/dogtagpki/pki/wiki/Configuring-Notifications

.github/workflows/ca-nuxwdog-test.yml

@@ -53,8 +53,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check CA

.github/workflows/ca-profile-caDirUserCert-test.yml

@@ -87,8 +87,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Configure UserDirEnrollment

.github/workflows/ca-profile-caServerCert-test.yml

@@ -53,8 +53,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Configure caServerCert profile

.github/workflows/ca-pruning-test.yml

@@ -53,8 +53,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_request_id_generator=random \
-              -D pki_cert_id_generator=random \
               -v
 
       - name: Configure server cert profile

.github/workflows/ca-publishing-ca-cert-test.yml

@@ -54,8 +54,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Export CA cert

.github/workflows/ca-publishing-crl-file-test.yml

@@ -59,8 +59,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Configure file-based CRL publishing

.github/workflows/ca-publishing-crl-ldap-test.yml

@@ -59,8 +59,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Prepare CRL publishing subtree

.github/workflows/ca-publishing-user-cert-test.yml

@@ -53,8 +53,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Prepare publishing subtree

.github/workflows/ca-rsa-pss-test.yml

@@ -64,8 +64,6 @@ jobs:
               -D pki_subsystem_key_algorithm=SHA384withRSA/PSS \
               -D pki_sslserver_key_algorithm=SHA384withRSA/PSS \
               -D pki_admin_key_algorithm=SHA384withRSA/PSS \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check system cert keys

.github/workflows/ca-rsa-test.yml

@@ -62,8 +62,6 @@ jobs:
               -D pki_subsystem_key_algorithm=SHA384withRSA \
               -D pki_sslserver_key_algorithm=SHA384withRSA \
               -D pki_admin_key_algorithm=SHA384withRSA \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -D pki_enable_access_log=False \
               -v
 

.github/workflows/ca-rsnv1-test.yml

@@ -54,6 +54,8 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
+              -D pki_cert_id_generator=legacy \
+              -D pki_request_id_generator=legacy \
               -D pki_random_serial_numbers_enable=True \
               -v
 

.github/workflows/ca-secure-ds-test.yml

@@ -104,8 +104,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca-secure-ds.cfg \
               -s CA \
               -D pki_ds_url=ldaps://ds.example.com:3636 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
           docker exec pki pki-server cert-find

.github/workflows/kra-basic-test.yml

@@ -54,8 +54,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/ca.cfg \
               -s CA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_cert_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
           docker exec pki pki-server cert-find
@@ -102,8 +100,6 @@ jobs:
               -f /usr/share/pki/server/examples/installation/kra.cfg \
               -s KRA \
               -D pki_ds_url=ldap://ds.example.com:3389 \
-              -D pki_key_id_generator=random \
-              -D pki_request_id_generator=random \
               -v
 
       - name: Check KRA storage cert