Bug 1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z]
Summary: Not able to generate certificate request with ECC using pki client-cert-reque...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.5
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Amol K
QA Contact: Asha Akkiangady
Depends On: 1549632
TreeView+ depends on / blocked
Reported: 2018-03-21 10:14 UTC by Oneata Mircea Teodor
Modified: 2018-06-26 16:48 UTC (History)
6 users (show)

Fixed In Version: pki-core-10.5.1-10.el7
Doc Type: No Doc Update
Doc Text:
This issue is occurred because of generatePkcs10Request method not able to map curve and length properly.
Clone Of: 1549632
Last Closed: 2018-06-26 16:47:58 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:1979 0 None None None 2018-06-26 16:48:27 UTC

Description Oneata Mircea Teodor 2018-03-21 10:14:30 UTC
This bug has been copied from bug #1549632 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 2 Matthew Harmsen 2018-03-22 22:58:46 UTC
commit 15911c8e65eb1543776a64f567ca3e281091e750 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, gerrit/DOGTAG_10_5_BRANCH)
Author: Amol Kahat <akahat@redhat.com>
Date:   Tue Feb 27 19:56:31 2018 +0530

    Fixed BZ 1549632: Not able to generate certificate request
    with ECC using pki client-cert-request
    Change-Id: I23a51af2c9e9bcc62983332bee22fe3c56ce1409
    Signed-off-by: Amol Kahat <akahat@redhat.com>
    (cherry picked from commit 69434ec08442b92cab8c304caef98200ff71e8e2)

Comment 3 Amol K 2018-03-23 06:55:22 UTC
Testing instructions:

Run: pki -d /opt/pki/certdb -c Secret123 -v -p 20080 client-cert-request "UID=testuserEC1,CN=Test User EC1" --algorithm ec --curve nistp256 

It should generate certificate request with ECC.

Comment 5 Amol K 2018-04-10 09:06:39 UTC
I tested this Bugzilla on the pki 10.5.1-9.el7.

It works as expected. 

Now we are able to create the certificate request using 'ec' algorithm and curve nistp256.

Verifying this bug.

Comment 7 errata-xmlrpc 2018-06-26 16:47:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.