From 73ef787803293111272bf2851e7f6baca9c9b0ca Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: May 04 2018 07:17:27 +0000
Subject: renew-dummy-cert: Fix long serial number renewal problem.


Do not try to increment the serial number, use long random one instead.

---

diff --git a/renew-dummy-cert b/renew-dummy-cert
index 50f9931..92e271c 100755
--- a/renew-dummy-cert
+++ b/renew-dummy-cert
@@ -18,16 +18,13 @@ if [ ! -f $PEM ]; then
 	exit 1
 fi
 
-let -a SERIAL=0x$(openssl x509 -in $PEM -noout -serial | cut -d= -f2)
-let SERIAL++
-
 umask 077
 
 OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
 
 openssl rsa -inform pem -in $PEM -out $KEY
 openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
-openssl x509 -req -in $REQ -signkey $KEY -set_serial $SERIAL -days 365 \
+openssl x509 -req -in $REQ -signkey $KEY -days 365 \
 	-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
 
 (cat $KEY ; echo "" ; cat $CRT) > $NEW