| Summary: | selfserv can't use PKCS#11 module for keys | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Hubert Kario <hkario> |
| Component: | nss | Assignee: | nss-nspr-maint <nss-nspr-maint> |
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.8 | CC: | hkario |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-12-13 17:42:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description
Hubert Kario
2016-12-02 18:39:30 UTC
Hubert, is this a regression?

(In reply to Kai Engert (:kaie) from comment #3)
> Hubert, is this a regression?

I don't think so, but it would be a test blocker for proper test coverage of bug 1397979. It looks like an error on my part though; the nickname used is incorrect.

The issue is caused by selfserv looking by default at the first token only. To use a key in another token, the full syntax that also specifies the token name needs to be used.
The simplest way to detect that is to tell certutil to list certificates from all tokens, in this example:

```
certutil -L -d sql:.pki/nssdb/ -h all
```

which will print:

```
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
PEM Token #0:cert.pem                                        u,u,u
```

so the correct syntax to start selfserv is:

```
selfserv -d sql:./.pki/nssdb -n 'PEM Token #0:cert.pem' -p 4433 -V tls1.0: -H 1
```
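The lookup described in the last comment can be scripted so that a test harness always passes selfserv the token-qualified nickname. This is an added example, not part of the original bug report or of NSS; the function names `sample_listing` and `qualified_nickname` are hypothetical, and the sample listing is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: resolve a bare certificate nickname to the "token:nickname"
# form that selfserv -n needs when the key is not on the first token.

# Constructed sample of `certutil -L -d sql:.pki/nssdb/ -h all` output,
# modelled on the listing quoted in the comment above.
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

PEM Token #0:cert.pem                                        u,u,u
EOF
}

# qualified_nickname NICK: read a certutil listing on stdin and print every
# entry whose nickname is NICK itself or ends in ":NICK" (token-qualified).
# Exit status is 1 when no entry matches.
qualified_nickname() {
    awk -v want="$1" '
        # Certificate rows end with three comma-separated trust flag fields;
        # the two header rows do not, so they are skipped.
        match($0, /[ \t]+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*[ \t]*$/) {
            name = substr($0, 1, RSTART - 1)
            sub(/^[ \t]+/, "", name)
            if (name == "") next
            suffix = ":" want
            n = length(name) - length(suffix)
            if (name == want || (n > 0 && substr(name, n + 1) == suffix)) {
                print name
                found = 1
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Against a real database (paths as in the comment above):
#   nick=$(certutil -L -d sql:.pki/nssdb/ -h all | qualified_nickname cert.pem)
#   selfserv -d sql:./.pki/nssdb -n "$nick" -p 4433 -V tls1.0: -H 1
sample_listing | qualified_nickname cert.pem
```

If more than one line is printed, the same nickname exists on several tokens and the caller has to choose which token's key selfserv should use.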