Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1550742 - Address ECC profile overrides
Address ECC profile overrides
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core (Show other bugs)
7.6
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Christina Fu
Asha Akkiangady
Marc Muehlfeld
: ZStream
Depends On:
Blocks: 1547802 1596525
  Show dependency treegraph
 
Reported: 2018-03-01 18:38 EST by Christina Fu
Modified: 2018-10-30 07:06 EDT (History)
5 users (show)

See Also:
Fixed In Version: pki-core-10.5.9-2.el7
Doc Type: Enhancement
Doc Text:
Certificate System automatically applies ECC profiles when setting up root CA with ECC certificates This update enhances Certificate System to automatically apply ECC profiles when setting up a new root CA with ECC profiles using the *pkispawn* utility. As a result, administrators no longer have to set the profile overwrite parameters for ECC certificates as a workaround in the configuration file passed to *pkispawn* when setting up a root CA.
Story Points: ---
Clone Of:
: 1596525 (view as bug list)
Environment:
Last Closed: 2018-10-30 07:05:27 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3195 None None None 2018-10-30 07:06 EDT

  None (edit)
Description Christina Fu 2018-03-01 18:38:36 EST 
Description of problem:
During installation, pkispawn should distinguish RSA form ECC and point them to the respective set of enrollment profiles.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 3 Matthew Harmsen 2018-03-14 12:39:50 EDT 
This bug is meant to address the workaround documented at the following URL:

* http://pki.fedoraproject.org/wiki/PKI_10.5_Pkispawn_ECC_Profile_Workaround
Comment 4 Matthew Harmsen 2018-05-04 18:50:13 EDT 
 Per RHEL 7.5.z/7.6/8.0 Triage:  7.5.z
Comment 5 Christina Fu 2018-06-28 12:18:47 EDT 
https://review.gerrithub.io/c/dogtagpki/pki/+/417084

commit 9a8e54ab9a8f1192c240639c42f8a744160a8ef8 (HEAD -> master, origin/master, origin/HEAD, ticket-2959-pkispawn-EC-profiles-master)
Author: Christina Fu <cfu@redhat.com>
Date:   Wed Jun 27 15:04:57 2018 -0700

    Ticket #2959 Address pkispawn ECC profile overrides
    
    This patch enables proper ECC profiles to be automatically applied during
    pkispawn.
    
    This patch would eliminate the need for the workaround documented here:
    http://www.dogtagpki.org/wiki/PKI_10.5_Pkispawn_ECC_Profile_Workaround
    
    The idea is to use the % replacement strings as part of the profile names
    in the default.cfg file for pkispawn,
    and change the profile names to mach the format. So for example:
    
    %(pki_admin_key_type)AdminCert.profile
    
    would either be translated to rsaAdminCert.profile or eccAdminCert.profile
    depending  on the value in pki_admin_key_type
    
    fixes https://pagure.io/dogtagpki/issue/2959
Comment 8 Amol K 2018-08-14 01:57:50 EDT 
I tested this Bugzilla on 10.5.9-4.el7 version.

I tried it without a workaround. During the pkispawn it distinguishes between the RSA and EC profiles. 

After the successful installation, I'm able to see the admin, subsystem and Server certificate is generated as per the admin key type.

This Bugzilla working as expected.

Verifying this Bugzilla.
Comment 10 errata-xmlrpc 2018-10-30 07:05:27 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3195
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.