Bug 504061
Summary: | ECC: unable to install subsystems (sub-CA, DRM, TKS, etc.) for an ECC CA | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Christina Fu <cfu> | ||||
Component: | ECC | Assignee: | Christina Fu <cfu> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | high | ||||||
Version: | unspecified | CC: | alee, awnuk, benl, dlackey, mharmsen, msauton, rrelyea, tao | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2012-06-04 19:55:27 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 445047 | ||||||
Attachments: |
|
Description
Christina Fu
2009-06-04 01:34:40 UTC
VERIFIED for other subsystems like OCSP, KRA succesfully. 1/ successful ECC OCSP installation and OCSP signing cert in EC ############################################# [root@beta ~]# certutil -L -d /var/lib/pki-ocsp-in1/alias/ -h nethsm2k -n "nethsm2k:ocspSigningCert cert-pki-ocsp-in1" Enter Password or Pin for "nethsm2k": Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: X9.62 ECDSA signature with SHA256 Issuer: "CN=Certificate Authority,OU=pki-ca-in1,O=DsdevSjcRedhat Doma in in1" Validity: Not Before: Mon Jan 24 13:26:46 2011 Not After : Sun Jan 13 13:26:46 2013 Subject: "CN=OCSP Signing Certificate,OU=pki-ocsp-in1,O=DsdevSjcRedha t Domain in1" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:26 EC Public Key: PublicValue: 04:01:cd:69:4a:23:fc:b4:51:0b:0d:17:3d:ff:ef:fb: 6c:7d:3d:f1:20:58:04:98:e8:f6:18:ac:c5:9f:96:d2: b4:62:c3:cb:66:57:f7:dc:9d:39:1c:98:bf:83:cc:3a: f5:d1:9d:e9:c6:d7:a2:83:19:12:48:02:cc:9b:18:1e: d5:53:c9:fb:a4:0f:ea:06:0a:05:1a:e3:35:15:b3:7c: 5b:14:77:b4:8c:cd:1e:52:22:49:34:ae:b9:cd:1e:5a: cd:e8:c7:b0:09:20:30:85:9e:3e:ef:ba:48:e0:af:47: 0b:73:71:d0:b9:da:88:92:34:77:9c:87:4e:cf:a2:ba: 95:d1:47:34:43:39:62:56:d2:b0:bf:5b:57:7a:77:27: 07 Curve: SECG elliptic curve sect571k1 (aka NIST K-571) Signed Extensions: Name: Certificate Authority Key Identifier Key ID: ec:0c:f6:06:f0:58:5d:12:d3:60:94:c6:15:f6:d2:82: f4:9c:d8:6d Name: Authority Information Access Method: PKIX Online Certificate Status Protocol Location: URI: "http://beta.dsdev.sjc.redhat.com:51380/ca/ocsp" Name: Extended Key Usage OCSP Responder Certificate Name: OCSP No Check Extension Data: NULL Signature Algorithm: X9.62 ECDSA signature with SHA256 Signature: 30:81:87:02:41:63:f6:64:86:5c:38:c4:2b:c8:34:f4: ab:5a:32:b9:1b:dc:e3:46:99:c1:ef:0c:6e:ad:0c:44: bf:ec:7c:3a:ea:0f:af:d4:3d:bb:6f:8d:d1:b1:3b:87: a4:cb:f1:f5:84:17:09:0a:cd:71:4d:60:46:2d:f6:59: 3a:55:f7:29:5e:7a:02:42:01:76:14:14:17:c5:f7:26: b5:82:ec:48:f0:0a:fd:64:ce:e5:d7:d0:e8:4d:a5:a3: 44:e6:71:7f:5c:8c:7d:18:88:83:80:4b:92:5e:ae:f7: 02:37:94:0c:ce:71:da:38:49:52:a5:68:49:94:65:0e: 61:4b:99:51:2f:0a:9e:31:cc:74 Fingerprint (MD5): 40:90:23:8A:BB:26:EF:82:82:15:C0:11:AF:61:F1:EC Fingerprint (SHA1): 5C:AA:E6:CE:C7:FC:C8:62:6A:0C:8E:A5:C4:FF:49:51:3F:07:EE:B3 Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User ############################################# 2/ Successful ECC DRM (storage cert) ############################################# [root@beta alias]# certutil -L -d /var/lib/pki-kraink1/alias/ -h nethsm2k -n "nethsm2k:storageCert cert-pki-kraink1" Enter Password or Pin for "nethsm2k": Certificate: Data: Version: 3 (0x2) Serial Number: 16 (0x10) Signature Algorithm: X9.62 ECDSA signature with SHA256 Issuer: "CN=Certificate Authority,OU=pki-ca-in1,O=DsdevSjcRedhat Doma in in1" Validity: Not Before: Mon Jan 24 15:45:23 2011 Not After : Sun Jan 13 15:45:23 2013 Subject: "CN=DRM Storage Certificate,OU=pki-kraink1,O=DsdevSjcRedhat Domain in1" Subject Public Key Info: Public Key Algorithm: X9.62 elliptic curve public key Args: 06:05:2b:81:04:00:23 EC Public Key: PublicValue: 04:01:1a:df:7d:2e:4b:54:ee:e2:0c:e4:11:72:73:a2: 1d:f6:0f:e3:8d:36:1d:60:5f:d0:80:f2:12:cb:8b:b7: 01:51:bc:94:38:eb:2e:03:fe:b7:38:0c:e9:60:72:52: 70:88:90:67:b0:65:03:42:79:c5:25:b8:79:67:59:bf: 44:2e:76:00:26:e1:4e:67:86:62:8e:9b:8a:e9:c9:b2: 5f:f1:c0:f5:f5:0e:ea:c9:48:a4:11:dd:19:00:fa:a1: 1c:d4:ee:59:5c:d4:fb:0a:56:7f:90:b7:4f:68:e0:7b: 44:c7:34:0e:1d:f3:9a:b1:3e:d8:5c:c8:f6:3b:f5:f6: 27:94:0d:81:71 Curve: SECG elliptic curve secp521r1 (aka NIST P-521) ##################################################### |