Bug 1717880

Summary: [RFE] Add support for password-protecting the keyfile
Product: Red Hat Enterprise Linux 8 Reporter: Stephen Gallagher <sgallagh>
Component: sscgAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: Branislav Náter <bnater>
Severity: low Docs Contact: Lenka Špačková <lkuprova>
Priority: unspecified    
Version: 8.0CC: bnater, rhel-stacks-subsystem-qe
Target Milestone: rcKeywords: FutureFeature
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: All   
OS: Unspecified   
Whiteboard:
Fixed In Version: sscg-2.3.3-7.el8 Doc Type: Enhancement
Doc Text:
.`sscg` now supports generating private key files protected by a password The `sscg` utility is now able to generate private key files protected by a password. This adds another level of protection for private keys, and it is required by some services, such as FreeRADIUS.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 15:39:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1672285    

Description Stephen Gallagher 2019-06-06 11:50:44 UTC 
Description of problem:
sscg generates certificates to use in place of self-signed certificates for testing environments and automatic defaults (such as mod_ssl, tog_pegasus and cockpit). Currently, it only supports creating passwordless keyfiles, since most of the current users don't need it to be protected. However, FreeRADIUS will need a password (BZ #1672285) so we should add this functionality so we can migrate FreeRADIUS to using sscg like the other services in RHEL 8.

Version-Release number of selected component (if applicable):
sscg-2.3.3-6.el8

How reproducible:
Every time

Steps to Reproduce:
1. Run `sscg` with any set of available arguments
2.
3.

Actual results:
Certificates and their keys are created, but the keyfiles cannot be created with a password.


Expected results:
There should be an option to provide the password either at the command-line or via standard input.


Additional info:
Comment 1 Stephen Gallagher 2019-06-06 14:25:34 UTC 
Pull-request under review upstream:

https://github.com/sgallagher/sscg/pull/15
Comment 15 errata-xmlrpc 2020-04-28 15:39:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1612