Bug 1462563 - Enabling CA with nuxwdog fails when CA is configured with HSM
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.4
Hardware: All Linux
Priority: urgent
Severity: urgent
Target Milestone: rc
Target Release: ---
Assigned To: Ade Lee
QA Contact: Asha Akkiangady
Depends On:
Blocks: 1480383
Reported: 2017-06-18 18:52 EDT by Asha Akkiangady
Modified: 2017-09-26 20:34 EDT (History)

Clone Of:
: 1480383
Last Closed: 2017-09-26 20:34:26 EDT
Type: Bug
Comment 2 Asha Akkiangady 2017-06-18 18:57:58 EDT
The pki-tomcatd-nuxwdog service did not ask for the HSM password.
Comment 3 Asha Akkiangady 2017-07-17 13:43:49 EDT
The fix is required for CC set-up. Can we have this bz fixed in RHEL 7.4 z-stream update 1?
Comment 4 Ade Lee 2017-08-10 15:39:43 EDT
When you have an HSM, the following parameter needs to be added to CS.cfg:

cms.tokenList=<TOKEN_NAME>

For instance, if the token password in password.conf is specified as:
hardware-NHSM-RPATTATH-SOFTCARD=SECret.456

then the entry will look like this:
cms.tokenList=NHSM-RPATTATH-SOFTCARD

When this is added, nuxwdog will prompt for the password to hardware-NHSM-RPATTATH-SOFTCARD on startup.

This additional parameter needs to be added to the documentation and/or a knowledge base article. It will be added to the man page for pki-server-nuxwdog in RHEL 7.5.
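
One way to check for this misconfiguration before enabling nuxwdog, as an added example that is not part of the original comment or of pki-core: it compares the `hardware-<TOKEN>` entries in password.conf with `cms.tokenList` in CS.cfg. The function names, the sample file contents and the comma-separated form of `cms.tokenList` are assumptions.

```python
# Added example (not pki-core code): report HSM tokens that have a password
# entry in password.conf but are not named in cms.tokenList in CS.cfg.

HARDWARE_PREFIX = "hardware-"  # key prefix for HSM tokens, as in the comment above


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def hsm_tokens_in_password_conf(password_conf):
    """Token names from 'hardware-<TOKEN>=...' keys; password values are never returned."""
    return [key[len(HARDWARE_PREFIX):] for key in parse_properties(password_conf)
            if key.startswith(HARDWARE_PREFIX)]


def token_list(cs_cfg):
    """Tokens named in cms.tokenList (assumption: comma-separated when more than one)."""
    raw = parse_properties(cs_cfg).get("cms.tokenList", "")
    return [token.strip() for token in raw.split(",") if token.strip()]


def missing_tokens(cs_cfg, password_conf):
    """HSM tokens with a password entry that are absent from cms.tokenList."""
    listed = set(token_list(cs_cfg))
    return [t for t in hsm_tokens_in_password_conf(password_conf) if t not in listed]


# Constructed sample inputs (not taken from a real instance).
SAMPLE_PASSWORD_CONF = """\
internal=example-internal-password
hardware-NHSM-RPATTATH-SOFTCARD=example-hsm-password
"""
SAMPLE_CS_CFG_BEFORE = "example.other.setting=value\n"  # no cms.tokenList yet
SAMPLE_CS_CFG_AFTER = SAMPLE_CS_CFG_BEFORE + "cms.tokenList=NHSM-RPATTATH-SOFTCARD\n"

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_CS_CFG_BEFORE), ("after", SAMPLE_CS_CFG_AFTER)):
        print(label, "- missing from cms.tokenList:", missing_tokens(cfg, SAMPLE_PASSWORD_CONF))
```
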
Comment 5 Ade Lee 2017-08-10 15:40:21 EDT
Propose that this bug be closed for RHEL 7.4.
