Bug 1477318
Summary: | CA and TPS audit log messages should mention the key size info during token enrollment | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Roshni <rpattath> |
Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> |
Status: | CLOSED NOTABUG | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.3 | CC: | cfu, mharmsen |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-02-11 20:22:27 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Roshni
2017-08-01 18:58:32 UTC
[20171025] - RHEL 7.5 / RHCS 9.3 pre-Alpha Offline Triage ==> 7.6 Per RHEL 7.5.z/7.6/8.0 Triage: 7.6 jmagne: low hanging and kind of useful info for audit log. Moved to RHEL 7.7. I"m not sure where the requirement comes from irt cert request records having to contain key size info. The Common Criteria pp_ca_v2.1 only states that for cert issuance, one could provide a link to the cert request. In our case, we provide the cert request ID, which serves as a valid "link" to the actual cert request record, which contains all the info needed, including key size. TPS is different in a way that it is an RA, which in success case, should contain serial number (which appears to be the case) and will properly link to the CA audit then cert request record. In the failure case, in my opinion, it should contain a cert request id (if it got that far); otherwise there's not much one could do. I don't see any TPS enrollment failure example in the description so I can't say if it has it or not. per meeting discussion today. We will close this as not a bug. Feel free to open with explanation if disagree. |