Bug 1469446
Summary: | CC: need CMC enrollment profiles for system certificates | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jaroslav Reznik <jreznik> |
Component: | pki-core | Assignee: | Christina Fu <cfu> |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | urgent | Docs Contact: | Petr Bokoc <pbokoc> |
Priority: | urgent | ||
Version: | 7.4 | CC: | cfu, edewata, gkapoor, mharmsen, msauton, pbokoc, tlavigne |
Target Milestone: | rc | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pki-core-10.4.1-12.el7_4 | Doc Type: | Enhancement |
Doc Text: |
This update adds support for CMC-based system certificate requests, and adds the following new CMC-based system enrollment profiles:
- caCMCauditSigningCert.cfg
- caCMCcaCert.cfg
- caCMCkraStorageCert.cfg
- caCMCkraTransportCert.cfg
- caCMCocspCert.cfg
- caCMCserverCert.cfg
- caCMCsubsystemCert.cfg
|
Story Points: | --- |
Clone Of: | 1464591 | Environment: | |
Last Closed: | 2017-09-05 11:25:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1464591 | ||
Bug Blocks: |
Description
Jaroslav Reznik
2017-07-11 09:42:21 UTC
Hello, Please mention the testing steps or any document that i can refer for test case creation. (In reply to Geetika Kapoor from comment #3) > Hello, > Please mention the testing steps or any document that i can refer for test > case creation. https://pki.fedoraproject.org/wiki/PKI_10.4_CMC_Feature_Update_(RFC5272)#Examples_.28System_Certificates.29 Test Build: =========== rpm -qa pki-ca pki-ca-10.4.1-12.el7_4.noarch Test Cases: =========== Refer https://pki.fedoraproject.org/wiki/PKI_10.4_CMC_Feature_Update_%28RFC5272%29#Examples_.28System_Certificates.29 1.1 Getting a Subordinate CA Certificate This test case works as expected with cmc.popLinkWitnessRequired=false. This test case works as expected with cmc.popLinkWitnessRequired=true. when using in true mode, do below changes in cmc file. enable popwitnesslink and identification. 1.2 Getting an OCSP Signing Certificate This test case works as expected with cmc.popLinkWitnessRequired=false. This test case works as expected with cmc.popLinkWitnessRequired=true. when using in true mode, do below changes in cmc file. enable popwitnesslink and identification. 1.3 Getting an SSL Server Certificate This test case works as expected with cmc.popLinkWitnessRequired=false. This test case works as expected with cmc.popLinkWitnessRequired=true. when using in true mode, do below changes in cmc file. enable popwitnesslink and identification. 1.4 Getting a Subsystem Certificate This test case works as expected with cmc.popLinkWitnessRequired=false. This test case works as expected with cmc.popLinkWitnessRequired=true. when using in true mode, do below changes in cmc file. enable popwitnesslink and identification. 1.5 Getting an Audit Signing Certificate This test case works as expected with cmc.popLinkWitnessRequired=false. This test case works as expected with cmc.popLinkWitnessRequired=true. when using in true mode, do below changes in cmc file. enable popwitnesslink and identification. 1.6 Getting a KRA Transport Certificate This test case works as expected with cmc.popLinkWitnessRequired=false. This test case works as expected with cmc.popLinkWitnessRequired=true. when using in true mode, do below changes in cmc file. enable popwitnesslink and identification. 1.7 Getting a KRA Storage Certificate This test case works as expected with cmc.popLinkWitnessRequired=false. This test case works as expected with cmc.popLinkWitnessRequired=true. when using in true mode, do below changes in cmc file. enable popwitnesslink and identification. Verified above mentioned test cases.!! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2575 |