This issue is occurred because of generatePkcs10Request method not able to map curve and length properly.
This bug has been copied from bug #1549632 and has been proposed to be backported to 7.5 z-stream (EUS).
commit 15911c8e65eb1543776a64f567ca3e281091e750 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, gerrit/DOGTAG_10_5_BRANCH)
Author: Amol Kahat <firstname.lastname@example.org>
Date: Tue Feb 27 19:56:31 2018 +0530
Fixed BZ 1549632: Not able to generate certificate request
with ECC using pki client-cert-request
Signed-off-by: Amol Kahat <email@example.com>
(cherry picked from commit 69434ec08442b92cab8c304caef98200ff71e8e2)
Run: pki -d /opt/pki/certdb -c Secret123 -v -p 20080 client-cert-request "UID=testuserEC1,CN=Test User EC1" --algorithm ec --curve nistp256
It should generate certificate request with ECC.
I tested this Bugzilla on the pki 10.5.1-9.el7.
It works as expected.
Now we are able to create the certificate request using 'ec' algorithm and curve nistp256.
Verifying this bug.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.