Bug 499077
Summary: | Unable to load 4 certs onto smartcard | ||
---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Chandrasekar Kannan <ckannan> |
Component: | ESC | Assignee: | Jack Magne <jmagne> |
Status: | CLOSED NOTABUG | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | urgent | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | aakkiang, alee, benl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-06-09 01:26:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 443788 | ||
Attachments: |
Description
Chandrasekar Kannan
2009-05-05 05:36:04 UTC
Created attachment 342412 [details]
Profile to generate 3 certs on the token. (userKey)
Created attachment 342413 [details]
Profile to generate 4 certs on the token. (userKey)
This turned out to be a misconfiguration. On the Safenet64K I tried this and got it to work. Have not tried the Safenet, the only limitation could be memory space. I will attach a copy of the successful CS.cfg for TPS to get it working. A quick diff between my CS.cfg and the one attached here that did not work. A screen shot of ESC showing the 4 certs. Created attachment 346948 [details]
Screen shot with 4 certs
Created attachment 346949 [details]
Successful CS.cfg
Created attachment 346950 [details]
CS.cfg difference between failed and successful
I forgot to mention, the main problem is that the certs, public keys and private keys are given numbers and attributes. For instance the signing cert will have a private key number of 0 and public key number of 1. Etc. The numbering was was confused and thus confused the token when trying to generate the "email" private key. If the safenet is found not to work, we can open a new bug since it will be resource limited and require action in the applet. Just for fun, I tried this on a safenet card and it was able to load these 4 certs just fine. Tested loading 4 certs on both Gemalto 64K and Safenet 330J cards with the above mentioned Successful CS.cfg, able to load 4 certs. This bug is a user error, hence closing with status notabug. |