1405935 – [RFE] Support in IPA for HSM boxes

Bug 1405935 - [RFE] Support in IPA for HSM boxes

Summary: [RFE] Support in IPA for HSM boxes

Keywords:
Status:	ASSIGNED
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	beta
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	ipa-qe
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-12-19 08:51 UTC by Luc de Louw
Modified:	2023-07-31 22:37 UTC (History)
CC List:	24 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
FedoraHosted FreeIPA	5608	0	None	None	None	2016-12-19 08:52:36 UTC
Red Hat Issue Tracker	FREEIPA-7150	0	None	None	None	2021-10-22 14:50:13 UTC

Description Luc de Louw 2016-12-19 08:51:12 UTC

Description of problem:
Large organizations have to use HSM boxes for CA certs. Due to company policy or regulatory.

Upstream Dogtag comes with HSM support.

Version-Release number of selected component (if applicable):
4.4.x

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:

Support for HSM Boxes

Additional info:

Comment 3 Petr Vobornik 2017-01-06 17:34:26 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5608

Comment 12 Alexander Bokovoy 2018-11-12 12:17:17 UTC

We are working on this feature upstream. At this point there are needs to improve code in several components IdM relies on. We are not planning yet to bring the work back to RHEL 7 as upstream work is not completed yet.

Comment 13 Christian Heimes 2019-04-10 11:44:40 UTC

The first set of patches is adding an option to override some PKI spawn settings.

Fixed upstream
master:
https://pagure.io/freeipa/c/8c4d75fd2e2972495a0693f1f86a64f09fc929f2
https://pagure.io/freeipa/c/0a2b02fc620ef16af87be5ec2ba47cd6831059f5
https://pagure.io/freeipa/c/70beccada2e439b9d8d32dbeab369cdb7f0a8383
https://pagure.io/freeipa/c/f847d7756f8d15e47930a709374cf3d95e4b4d8a
https://pagure.io/freeipa/c/dd47cfc75a69618f486abefb70f2649ebf8264e7
https://pagure.io/freeipa/c/94937424b12da3e7294ebbcb256b9423ee2d150e
https://pagure.io/freeipa/c/dba89712c6a67390c616d5950efab39a73dd8c16
https://pagure.io/freeipa/c/42efdc7bb1c208ac02d45865d68df959f87d5148
https://pagure.io/freeipa/c/2b2c5d6c931660e73cc1c9e75aa3055ab20f386b

Comment 14 Amy Farley 2019-08-16 16:02:27 UTC

Moving to RHEL 8.

Comment 26 Rob Crittenden 2022-11-15 19:54:35 UTC

Additional upstream ticket:
https://pagure.io/freeipa/issue/9273

Comment 27 Rob Crittenden 2022-11-16 19:50:03 UTC

Fixed upstream
master:
https://pagure.io/freeipa/c/83161913fb19e1e04286eb93c73c44b19d948325

Comment 28 Florence Blanc-Renaud 2022-11-18 08:47:20 UTC

Fixed upstream
ipa-4-10:
https://pagure.io/freeipa/c/1de3f6c5580dfe57e39c72268dc54b9dfeb17e69

Comment 29 Rob Crittenden 2022-11-18 21:07:02 UTC

Design doc

Fixed upstream
master:
https://pagure.io/freeipa/c/a7b58b3c07576cbea21b4528b9d703a63ebc78b2

Comment 30 Florence Blanc-Renaud 2022-11-21 07:29:13 UTC

Design doc
Fixed upstream
ipa-4-10:
https://pagure.io/freeipa/c/2aa8ec1df1468ef2ed8e54ec76f53b858ce0d241

Note You need to log in before you can comment on or make changes to this bug.

abokovoy
abustosp
afarley
apeddire
asharov
cheimes
cobrown
dsirrine
ekeck
fgarciad
frenaud
ipa-maint
jswensso
kpeeples
mrhodes
nkinder
oli.wade
pasik
pkulkarn
pvoborni
rcritten
ricardo.arguello
tscherf
vmishra