Can get root certificate

handler/generate_certificate.go

@@ -73,7 +73,7 @@ func (s *KeyStorageServerImpl) GenerateCertificate(ctx context.Context, in *api.
 }
 
 func generateCertificate(publicKeyBytes []byte, caCertFilePath string, caPrivateKeyFilePath string,
-	certificateData *api.GenerateCertificateRequest_CertificateData) ([]byte, error) {
+	certificateData *api.CertificateData) ([]byte, error) {
 
 	publicKeyPemBlock, _ := pem.Decode(publicKeyBytes)
 
@@ -82,11 +82,21 @@ func generateCertificate(publicKeyBytes []byte, caCertFilePath string, caPrivate
 		return nil, err
 	}
 
-	notBeforeTime := time.Unix(certificateData.NotBefore.Seconds, int64(certificateData.NotBefore.Nanos)).UTC()
-	notAfterTime := time.Unix(certificateData.NotAfter.Seconds, int64(certificateData.NotAfter.Nanos)).UTC()
+	notBeforeTime := time.Unix(certificateData.NotBefore/1000, 0).UTC()
+	notAfterTime := time.Unix(certificateData.NotAfter/1000, 0).UTC()
+
+	max := new(big.Int)
+	max.Exp(big.NewInt(2), big.NewInt(130), nil).Sub(max, big.NewInt(1))
+
+	//Generate cryptographically strong pseudo-random between 0 - max
+	sn, err := rand.Int(rand.Reader, max)
+
+	if err != nil {
+		return nil, err
+	}
 
 	template := x509.Certificate{
-		SerialNumber: big.NewInt(1),
+		SerialNumber: sn,
 		Subject: pkix.Name{
 			Country:            []string{certificateData.Country},
 			Organization:       []string{certificateData.Organization},