Bug 499077

Summary:

Unable to load 4 certs onto smartcard

Product:

[Retired] Dogtag Certificate System

Reporter:

Chandrasekar Kannan <ckannan>

Component:

ESC

Assignee:

Jack Magne <jmagne>

Status:

CLOSED NOTABUG

QA Contact:

Chandrasekar Kannan <ckannan>

Severity:

urgent

Docs Contact:

Priority:

high

Version:

unspecified

CC:

aakkiang, alee, benl

Target Milestone:

---

Target Release:

---

Hardware:

All

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2009-06-09 01:26:54 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Bug Depends On:

Bug Blocks:

443788

Attachments:

Description	Flags
Profile to generate 3 certs on the token. (userKey)	none
Profile to generate 4 certs on the token. (userKey)	none
Screen shot with 4 certs	none
Successful CS.cfg	none
CS.cfg difference between failed and successful	none

Description Chandrasekar Kannan 2009-05-05 05:36:04 UTC

With tps profile changes in CS.cfg, we have been trying to get 4 certificates
on to the smartcard. But have been unsuccessful so far.

I'm attaching the profiles we used to the bug.

the profile we have been changing are userKey

Comment 1 Chandrasekar Kannan 2009-05-05 05:36:40 UTC

Created attachment 342412 [details]
Profile to generate 3 certs on the token. (userKey)

Comment 2 Chandrasekar Kannan 2009-05-05 05:37:27 UTC

Created attachment 342413 [details]
Profile to generate 4 certs on the token. (userKey)

Comment 3 Jack Magne 2009-06-09 01:19:42 UTC

This turned out to be a misconfiguration.

On the Safenet64K I tried this and got it to work.
Have not tried the Safenet, the only limitation could be memory space.


I will attach a copy of the successful CS.cfg for TPS to get it working.
A quick diff between my CS.cfg and the one attached here that did not work.
A screen shot of ESC showing the 4 certs.

Comment 4 Jack Magne 2009-06-09 01:21:30 UTC

Created attachment 346948 [details]
Screen shot with 4 certs

Comment 5 Jack Magne 2009-06-09 01:22:54 UTC

Created attachment 346949 [details]
Successful CS.cfg

Comment 6 Jack Magne 2009-06-09 01:23:27 UTC

Created attachment 346950 [details]
CS.cfg difference between failed and successful

Comment 7 Jack Magne 2009-06-09 01:26:54 UTC

I forgot to mention, the main problem is that the certs, public keys and private keys are given numbers and attributes. For instance the signing cert will have a private key number of 0 and public key number of 1. Etc. The numbering was was confused and thus confused the token when trying to generate the "email" private key.

If the safenet is found not to work, we can open a new bug since it will be resource limited and require action in the applet.

Comment 8 Jack Magne 2009-06-09 02:16:46 UTC

Just for fun, I tried this on a safenet card and it was able to load these 4 certs just fine.

Comment 9 Asha Akkiangady 2009-06-09 20:05:28 UTC

Tested loading 4 certs on both Gemalto 64K and Safenet 330J cards with the above mentioned Successful CS.cfg, able to load 4 certs. 

This bug is a user error, hence closing with status notabug.