fix: serial number stored in DB now matches certificate serial number

devangpratap · devangpratap · commit 95452e360778 · 2026-03-01T18:29:17.000-05:00
diff --git a/django_x509/base/models.py b/django_x509/base/models.py
@@ -339,6 +339,7 @@ def _generate(self):
         digest_alg = HASH_MAP.get(digest_name, hashes.SHA256)()
         cert = builder.sign(signing_key, digest_alg)
         self.certificate = cert.public_bytes(serialization.Encoding.PEM).decode("utf-8")
+        self.serial_number = str(cert.serial_number)
         encryption = (
             serialization.BestAvailableEncryption(self.passphrase.encode("utf-8"))
             if self.passphrase
diff --git a/django_x509/tests/test_cert.py b/django_x509/tests/test_cert.py
@@ -439,6 +439,15 @@ def test_create_old_serial_certificate(self):
         x509_obj = cert.x509
         self.assertEqual(x509_obj.serial_number, 3)
 
+    def test_serial_number_db_matches_certificate(self):
+        cert = self._create_cert()
+        cert.refresh_from_db()
+        # The serial number in the X.509 certificate is encoded as a big-endian
+        # hex integer in the DER structure. Convert it to int and verify it
+        # exactly equals the value stored in the database.
+        cert_serial_hex = format(cert.x509.serial_number, "x")
+        self.assertEqual(int(cert_serial_hex, 16), int(cert.serial_number))
+
     def test_bad_serial_number_cert(self):
         try:
             self._create_cert(serial_number="notIntegers")
