Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1549632 - Not able to generate certificate request with ECC using pki client-cert-request
Not able to generate certificate request with ECC using pki client-cert-request
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core (Show other bugs)
7.5
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Amol K
Asha Akkiangady
Marc Muehlfeld
: TestCaseProvided, ZStream
Depends On:
Blocks: 1558919
  Show dependency treegraph
 
Reported: 2018-02-27 09:24 EST by Amol K
Modified: 2018-10-30 07:06 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The *client-cert-request* utility no longer fails to create CSRs for ECC certificates Previously, the *generatePkcs10Request* method in the Certificate System's *client-cert-request* utility failed to map the curve and length parameters. Consequently, the utility failed to create certificate signing requests (CSR) for Elliptic Curve Cryptography (ECC) certificates. The problem has been fixed. As a result, using *client-cert-request* for creating CSRs for ECC certificates works as expected.
Story Points: ---
Clone Of:
: 1558919 (view as bug list)
Environment:
Last Closed: 2018-10-30 07:05:27 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3195 None None None 2018-10-30 07:06 EDT

  None (edit)
Description Amol K 2018-02-27 09:24:02 EST 
Description of problem:

pki client-cert-request is not able to generate ECC certificate request.


Version-Release number of selected component (if applicable):
10.5.1-9.el7

How reproducible:
Always

Steps to Reproduce:
1. pki -d /opt/pki/certdb/ -c SECret.123 -p 20080 -v client-cert-request --algorithm ecc --curve nistp256  "UID=ecc_user3,CN=ECC User3" 


Actual results:
Server URI: http://pki1.example.com:20080
Client security database: /opt/pki/certdb
Message format: null
Command: client-cert-request --algorithm ecc --curve nistp256 "UID=ecc_user3,CN=ECC User3"
Module: client
Module: cert-request
External command: /usr/bin/PKCS10Client -d /opt/pki/certdb -p SECret.123 -a ecc -l 1024 -o /opt/pki/certdb/pki-client-cert-request-6623069256481018602.csr -n "UID=ecc_user3,CN=ECC User3"
java.lang.Exception: CSR generation failed
	at com.netscape.cmstools.client.ClientCertRequestCLI.generatePkcs10Request(ClientCertRequestCLI.java:408)
	at com.netscape.cmstools.client.ClientCertRequestCLI.execute(ClientCertRequestCLI.java:256)
	at com.netscape.cmstools.cli.CLI.execute(CLI.java:345)
	at com.netscape.cmstools.cli.CLI.execute(CLI.java:345)
	at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:633)
	at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:669)
Caused by: com.netscape.cmstools.cli.CLIException: External command failed. RC: 1
	at com.netscape.cmstools.cli.CLI.runExternal(CLI.java:386)
	at com.netscape.cmstools.client.ClientCertRequestCLI.generatePkcs10Request(ClientCertRequestCLI.java:406)


Expected results:
ECC CSR should be generated

Additional info:
Comment 5 Matthew Harmsen 2018-03-22 17:03:30 EDT 
commit 15911c8e65eb1543776a64f567ca3e281091e750 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, gerrit/DOGTAG_10_5_BRANCH)
Author: Amol Kahat <akahat@redhat.com>
Date:   Tue Feb 27 19:56:31 2018 +0530

    Fixed BZ 1549632: Not able to generate certificate request
    with ECC using pki client-cert-request
    
    Change-Id: I23a51af2c9e9bcc62983332bee22fe3c56ce1409
    Signed-off-by: Amol Kahat <akahat@redhat.com>
    (cherry picked from commit 69434ec08442b92cab8c304caef98200ff71e8e2)
Comment 6 Amol K 2018-03-26 02:43:39 EDT 
Testing Instructions: https://bugzilla.redhat.com/show_bug.cgi?id=1558919#c3
Comment 7 Matthew Harmsen 2018-04-24 20:34:22 EDT 
Marking MODIFIED; inherited from 7.5.z
Comment 11 Amol K 2018-08-13 07:50:49 EDT 
I tested this BZ on 10.5.9-5.el7 version.

I'm able to submit the certificate request with algo 'ec' and curve nistp256.
```
 pki -d /opt/pki/certdb/ -c SECret.123 -p 20080 -v client-cert-request --algorithm ec --curve nistp256  "UID=ecc_user3,CN=ECC User3" 

-----------------------------
Submitted certificate request
-----------------------------
  Request ID: 47
  Type: enrollment
  Request Status: pending
  Operation Result: success

```

Verifying this Bugzilla.
Comment 13 errata-xmlrpc 2018-10-30 07:05:27 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3195
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.