Bug 557641

Summary: Registry-aware PKI subsystems do NOT work with shared NSS databases
Product: [Retired] Dogtag Certificate System
Reporter: Matthew Harmsen <mharmsen>
Component: TPS
Assignee: Christina Fu <cfu>
Status: CLOSED UPSTREAM
QA Contact: Kaushik Banerjee <kbanerje>
Severity: medium
Docs Contact:
Priority: medium
Version: 1.3
CC: alee, dpal, jmagne
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-06-30 00:18:51 UTC
Type: ---
Bug Blocks: 688231    

Description Matthew Harmsen 2010-01-22 02:02:16 UTC
During creation of the registry-aware RA and TPS subsystems, it was discovered that these two PKI subsystems (Perl/Apache and C/C++/Apache) will NOT work if the "NSS_DEFAULT_DB_TYPE=sql" environment variable is set.

When this variable is set, the new SQL-based shared NSS databases are utilized -- 'cert9.db', 'key4.db', and 'pkcs11.txt'; when NOT set, the old DBM databases are utilized -- 'cert8.db', 'key3.db', and 'secmod.db'.

The CA, KRA, OCSP, and TKS PKI subsystems (Java/Tomcat) appear to work with the new NSS shared databases.
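
Added example, not part of the original report or of the Dogtag code: a diagnostic that compares the NSS database format selected by the environment with the files actually present in an instance's database directory, using the two file sets named in the description. The function names and the sample directory are hypothetical, and the `sql:`/`dbm:` directory prefixes are NSS behaviour that the report does not mention.

```python
import os
import tempfile

# File names as listed in the bug description.
SQL_FILES = ("cert9.db", "key4.db", "pkcs11.txt")   # shared SQL-based format
DBM_FILES = ("cert8.db", "key3.db", "secmod.db")    # old DBM format


def selected_type(db_arg, env, default="dbm"):
    """Return (db_type, directory) for an NSS database argument.

    An explicit "sql:" or "dbm:" prefix wins; otherwise NSS_DEFAULT_DB_TYPE
    decides, falling back to `default` (DBM, as the report describes).
    """
    for prefix in ("sql", "dbm"):
        if db_arg.startswith(prefix + ":"):
            return prefix, db_arg[len(prefix) + 1:]
    return env.get("NSS_DEFAULT_DB_TYPE", default), db_arg


def audit(db_arg, env=None, default="dbm"):
    """Compare the selected format with the files actually on disk."""
    env = os.environ if env is None else env
    db_type, directory = selected_type(db_arg, env, default)
    if db_type not in ("sql", "dbm"):
        raise ValueError("unhandled NSS database type: %r" % db_type)
    present = set(os.listdir(directory))
    wanted, other = (SQL_FILES, DBM_FILES) if db_type == "sql" else (DBM_FILES, SQL_FILES)
    missing = [f for f in wanted if f not in present]
    leftover = [f for f in other if f in present]
    return {"type": db_type, "missing": missing,
            "other_format_present": leftover,
            "mismatch": bool(missing and leftover)}


def make_sample_dir(files):
    """Constructed sample: a temp directory holding empty placeholder files."""
    directory = tempfile.mkdtemp(prefix="nssdb-sample-")
    for name in files:
        open(os.path.join(directory, name), "w").close()
    return directory


if __name__ == "__main__":
    sample = make_sample_dir(DBM_FILES)  # an instance created with DBM files
    print(audit(sample, env={}))
    print(audit(sample, env={"NSS_DEFAULT_DB_TYPE": "sql"}))
```

A `mismatch` result means the directory holds one format while the environment selects the other, so the instance's existing certificates and keys would not be the ones opened.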

Comment 1 Matthew Harmsen 2010-01-22 03:24:21 UTC
CORRECTION:  ALL registry-aware PKI instances including CA, KRA, OCSP, RA, TKS,
             and TPS were unable to be "configured" when using a shared NSS
             database.

Comment 6 Matthew Harmsen 2012-11-28 01:30:04 UTC
Upstream ticket:
https://fedorahosted.org/pki/ticket/167