Bug 1550742
Summary: | Address ECC profile overrides | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Christina Fu <cfu> | |
Component: | pki-core | Assignee: | Christina Fu <cfu> | |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | |
Severity: | urgent | Docs Contact: | Marc Muehlfeld <mmuehlfe> | |
Priority: | urgent | |||
Version: | 7.6 | CC: | akahat, edewata, mharmsen, mmuehlfe, msauton | |
Target Milestone: | rc | Keywords: | ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | pki-core-10.5.9-2.el7 | Doc Type: | Enhancement | |
Doc Text: |
Certificate System automatically applies ECC profiles when setting up root CA with ECC certificates
This update enhances Certificate System to automatically apply ECC profiles when setting up a new root CA with ECC profiles using the *pkispawn* utility. As a result, administrators no longer have to set the profile overwrite parameters for ECC certificates as a workaround in the configuration file passed to *pkispawn* when setting up a root CA.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1596525 (view as bug list) | Environment: | ||
Last Closed: | 2018-10-30 11:05:27 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1547802, 1596525 |
Description
Christina Fu
2018-03-01 23:38:36 UTC
This bug is meant to address the workaround documented at the following URL: * http://pki.fedoraproject.org/wiki/PKI_10.5_Pkispawn_ECC_Profile_Workaround Per RHEL 7.5.z/7.6/8.0 Triage: 7.5.z https://review.gerrithub.io/c/dogtagpki/pki/+/417084 commit 9a8e54ab9a8f1192c240639c42f8a744160a8ef8 (HEAD -> master, origin/master, origin/HEAD, ticket-2959-pkispawn-EC-profiles-master) Author: Christina Fu <cfu> Date: Wed Jun 27 15:04:57 2018 -0700 Ticket #2959 Address pkispawn ECC profile overrides This patch enables proper ECC profiles to be automatically applied during pkispawn. This patch would eliminate the need for the workaround documented here: http://www.dogtagpki.org/wiki/PKI_10.5_Pkispawn_ECC_Profile_Workaround The idea is to use the % replacement strings as part of the profile names in the default.cfg file for pkispawn, and change the profile names to mach the format. So for example: %(pki_admin_key_type)AdminCert.profile would either be translated to rsaAdminCert.profile or eccAdminCert.profile depending on the value in pki_admin_key_type fixes https://pagure.io/dogtagpki/issue/2959 I tested this Bugzilla on 10.5.9-4.el7 version. I tried it without a workaround. During the pkispawn it distinguishes between the RSA and EC profiles. After the successful installation, I'm able to see the admin, subsystem and Server certificate is generated as per the admin key type. This Bugzilla working as expected. Verifying this Bugzilla. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3195 |