When software tokens such as MobileID are created by the authentication server, a sequential serial number will be automatically generated (with serial numbers starting from "10000001").
If software tokens are to be imported from an external source (for example when importing software tokens from one authentication server into a newly created authentication server), it is necessary to ensure that newly created tokens will not be created with serial numbers and types that match those of tokens already present in the token repository.
If you need to import software tokens that were generated on another DualShield server then there are a few checks that need to be performed in order to prevent the possibility of tokens being created with duplicate serial numbers;
- Ensure that none of the tokens to be imported have both matching serial numbers and token types as tokens already present in the token repository.
- For each software token type, examine the serial numbers of the imported tokens to identify If any of the serial numbers are higher than the highest serial numbers of tokens of the same type already in the token repository. If higher serial numbers can be found, then make a note of which of the importing tokens of this type has the highest serial number.
- After importing the software tokens you will need to ensure that newly created tokens of all type when generated will have higher serial numbers than those of the same type that already exist in the token repository.
Provided you follow the above instructions, you will avoid the risk of potentially generating tokens with matching serial numbers.
Procedure to change the next serial number allocated for software tokens
For each software token type that can be created in the authentication server there is a value that is stored in the internal database.
The values for the next generated token serial numbers to be used for each type cannot be changed from within the authentication server, and can only be changed from within the database.
Example: Changing the next generated serial number for MobileID tokens;
- Logon to the SQL server by opening a command prompt window (with admin privilege), then changing dirctory to the DualShield installation directory, then change to the subfolder "\mysql\bin"
- Enter the command "mysql -u root -p" then supply your database password to login to the MySQL console;
At the console prompt "mysql>" enter the following commands:
- "use dualshield;"
- "Select * from serial_generator;"
On my example, mine is already at number 6, but for a new server, it will be at number 1. You need to change the number in this column to be the one after the highest serial number you can see in Token Management.
So, mine was 103, therefore I need to update the ‘next_serial’ column to 104:
Update serial_generator set next_serial = 104; Obviously you will type in the number which applies to your own token serial number!
Now run this command again:
select * from serial_generator;
If all has gone well you should see that the ‘next_serial’ column has been updated.
The next software token from the management console will now match the same serial number: