1405935 – [RFE] Support in IPA for HSM boxes

This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1405935 - [RFE] Support in IPA for HSM boxes

Summary: [RFE] Support in IPA for HSM boxes

Keywords:
Status:	CLOSED MIGRATED
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	beta
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	ipa-qe
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-12-19 08:51 UTC by Luc de Louw
Modified:	2024-06-13 20:45 UTC (History)
CC List:	24 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-09-18 17:51:08 UTC
Type:	Story
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
FedoraHosted FreeIPA	5608	None	None	None	2016-12-19 08:52:36 UTC
Red Hat Issue Tracker	FREEIPA-7150	None	None	None	2021-10-22 14:50:13 UTC
Red Hat Issue Tracker	RHEL-4807	None	Migrated	None	2024-05-16 12:54:16 UTC

Description Luc de Louw 2016-12-19 08:51:12 UTC

Description of problem:
Large organizations have to use HSM boxes for CA certs. Due to company policy or regulatory.

Upstream Dogtag comes with HSM support.

Version-Release number of selected component (if applicable):
4.4.x

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:

Support for HSM Boxes

Additional info:

Comment 3 Petr Vobornik 2017-01-06 17:34:26 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5608

Comment 12 Alexander Bokovoy 2018-11-12 12:17:17 UTC

We are working on this feature upstream. At this point there are needs to improve code in several components IdM relies on. We are not planning yet to bring the work back to RHEL 7 as upstream work is not completed yet.

Comment 13 Christian Heimes 2019-04-10 11:44:40 UTC

The first set of patches is adding an option to override some PKI spawn settings.

Fixed upstream
master:
https://pagure.io/freeipa/c/8c4d75fd2e2972495a0693f1f86a64f09fc929f2
https://pagure.io/freeipa/c/0a2b02fc620ef16af87be5ec2ba47cd6831059f5
https://pagure.io/freeipa/c/70beccada2e439b9d8d32dbeab369cdb7f0a8383
https://pagure.io/freeipa/c/f847d7756f8d15e47930a709374cf3d95e4b4d8a
https://pagure.io/freeipa/c/dd47cfc75a69618f486abefb70f2649ebf8264e7
https://pagure.io/freeipa/c/94937424b12da3e7294ebbcb256b9423ee2d150e
https://pagure.io/freeipa/c/dba89712c6a67390c616d5950efab39a73dd8c16
https://pagure.io/freeipa/c/42efdc7bb1c208ac02d45865d68df959f87d5148
https://pagure.io/freeipa/c/2b2c5d6c931660e73cc1c9e75aa3055ab20f386b

Comment 14 Amy Farley 2019-08-16 16:02:27 UTC

Moving to RHEL 8.

Comment 26 Rob Crittenden 2022-11-15 19:54:35 UTC

Additional upstream ticket:
https://pagure.io/freeipa/issue/9273

Comment 27 Rob Crittenden 2022-11-16 19:50:03 UTC

Fixed upstream
master:
https://pagure.io/freeipa/c/83161913fb19e1e04286eb93c73c44b19d948325

Comment 28 Florence Blanc-Renaud 2022-11-18 08:47:20 UTC

Fixed upstream
ipa-4-10:
https://pagure.io/freeipa/c/1de3f6c5580dfe57e39c72268dc54b9dfeb17e69

Comment 29 Rob Crittenden 2022-11-18 21:07:02 UTC

Design doc

Fixed upstream
master:
https://pagure.io/freeipa/c/a7b58b3c07576cbea21b4528b9d703a63ebc78b2

Comment 30 Florence Blanc-Renaud 2022-11-21 07:29:13 UTC

Design doc
Fixed upstream
ipa-4-10:
https://pagure.io/freeipa/c/2aa8ec1df1468ef2ed8e54ec76f53b858ce0d241

Comment 38 RHEL Program Management 2023-09-18 17:46:03 UTC

Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.

Comment 39 RHEL Program Management 2023-09-18 17:51:08 UTC

This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.

Comment 40 Rob Crittenden 2024-05-16 12:54:17 UTC

Fixed upstream
master:
https://pagure.io/freeipa/c/cba3094c9af5ceac66dd2c11839acbab80c6e9d3
https://pagure.io/freeipa/c/e6078c639c332e0079fa0cbff3fa54882d79b3bd
https://pagure.io/freeipa/c/34f28f06db291c7408fbeb7276dcdaae5f0ef18a
https://pagure.io/freeipa/c/73d52a613518ca1e2d2303b660f9dc439987f90f
https://pagure.io/freeipa/c/e3234708ac356065641ce1ea4d6460c7fd50c815
https://pagure.io/freeipa/c/f658a264f9cbdb190aa4ff6ab21903da0a7e84c8
https://pagure.io/freeipa/c/d9efa728c5c93e232eaf03b432b0699804189012
https://pagure.io/freeipa/c/82c0b19acce147b3f82183b561883c7ca9137403
https://pagure.io/freeipa/c/a99091adc0bf8dd745ef3f5980a5bc66294e8c06
https://pagure.io/freeipa/c/7ad3b489f6272e5b041d410f8098f454b584209e
https://pagure.io/freeipa/c/93622005ba0f14e68010a84b07cc050cfdc4bedc
https://pagure.io/freeipa/c/d0c489e28228f4ce5f92c2dfc2c7b9e86c7fcb36
https://pagure.io/freeipa/c/0708f603e2d632db77a95d135e28242c6d1a7ee7
https://pagure.io/freeipa/c/b89aa919778a048fbb54f0a3426423d23f6c38df
https://pagure.io/freeipa/c/06a8791b9beec5a95a5072e9a02a4379ac46770d
https://pagure.io/freeipa/c/36dbc6b0258f3e21a3fe6c72cd55bf0c141c0946
https://pagure.io/freeipa/c/6b894f28b5ac07fff3863cc4fec6b9a2383b615e
https://pagure.io/freeipa/c/31d66bac64501efd54afe2041b9d00da66ac0ae3
https://pagure.io/freeipa/c/c6dd21f04e9f14b0c1e5c064e87b3266ff02f60f
https://pagure.io/freeipa/c/87ecca0f180fb0cd7ffefb1d9c1b200683a2e38a
https://pagure.io/freeipa/c/f8798b3e16d9f51a3ae355a2270f7346754301dc
https://pagure.io/freeipa/c/1ec875c6fe677357d4dfb50090dc18ae902328a1
https://pagure.io/freeipa/c/b63103c88a57b1320ce2e38f7483ef37692feebd
https://pagure.io/freeipa/c/c6f2d0212bf9aa2ed816779540d69233fe7110a5
https://pagure.io/freeipa/c/31fda79a0e3f34dcf71a9e2687faa958ecb91ab8
https://pagure.io/freeipa/c/b9ec2fb0a91034934b48d419c2d0eaa2c36faef1
https://pagure.io/freeipa/c/ea0bf4020ce0b1e32572e128e9323c5af60ec93d
https://pagure.io/freeipa/c/bcd8d2d90a41eb94422ad5fad730bd0570108f91
https://pagure.io/freeipa/c/879a937dddf17478378d9e855317ee199ac645c9
https://pagure.io/freeipa/c/6b6c1879c5174869128ae28048673995242b18c1
https://pagure.io/freeipa/c/c861ce5a1634b43b04c3d38d49d5b3e4e599b7d7
https://pagure.io/freeipa/c/6af8577d58c4b2bed04ec0bd02042ba7122ab518

Note You need to log in before you can comment on or make changes to this bug.

abokovoy
abustosp
afarley
apeddire
asharov
cheimes
cobrown
dsirrine
ekeck
fgarciad
frenaud
ipa-maint
jswensso
kpeeples
mrhodes
nkinder
oli.wade
pasik
pkulkarn
pvoborni
rcritten
ricardo.arguello
tscherf
vmishra