Description of problem:
During installation, pkispawn should distinguish RSA form ECC and point them to the respective set of enrollment profiles.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This bug is meant to address the workaround documented at the following URL:
Per RHEL 7.5.z/7.6/8.0 Triage: 7.5.z
commit 9a8e54ab9a8f1192c240639c42f8a744160a8ef8 (HEAD -> master, origin/master, origin/HEAD, ticket-2959-pkispawn-EC-profiles-master)
Author: Christina Fu <email@example.com>
Date: Wed Jun 27 15:04:57 2018 -0700
Ticket #2959 Address pkispawn ECC profile overrides
This patch enables proper ECC profiles to be automatically applied during
This patch would eliminate the need for the workaround documented here:
The idea is to use the % replacement strings as part of the profile names
in the default.cfg file for pkispawn,
and change the profile names to mach the format. So for example:
would either be translated to rsaAdminCert.profile or eccAdminCert.profile
depending on the value in pki_admin_key_type
I tested this Bugzilla on 10.5.9-4.el7 version.
I tried it without a workaround. During the pkispawn it distinguishes between the RSA and EC profiles.
After the successful installation, I'm able to see the admin, subsystem and Server certificate is generated as per the admin key type.
This Bugzilla working as expected.
Verifying this Bugzilla.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.