Bug 250314 - rhcs73 - crm #1637818 - Use PKCS#12 files to import certificates to smart card
Summary: rhcs73 - crm #1637818 - Use PKCS#12 files to import certificates to smart card
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Certificate System
Classification: Red Hat
Component: ESC
Version: 7.3
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Jack Magne
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 445047
TreeView+ depends on / blocked
 
Reported: 2007-07-31 19:32 UTC by Issue Tracker
Modified: 2018-11-14 18:13 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-15 23:48:34 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Issue Tracker 2007-07-31 19:32:26 UTC 
Escalated to Bugzilla from IssueTracker
Comment 1 Issue Tracker 2007-07-31 19:32:30 UTC 
This question refers to Red Hat Certificate System 7.3 and its associated middleware for Windows.   
 
How can we import certificates to a smart card using PKCS #12 files?  Does CS 7.3 support this capability?  If not, does RedHat plan to add PKCS #12 importing support for cards in the future?   
 

This event sent from IssueTracker by ble  [SEG - Certificate System Engineering]
 issue 126122
Comment 2 Issue Tracker 2007-07-31 19:32:31 UTC 
Currently, we don't support PKCS#12 on CS 7.3. This feature will be
approve by Product Manager (Kevin Unthank or Bob Lord) to add this on next
release. 

Ben.


Issue escalated to Certificate System Engineering by: ble.
Internal Status set to 'Waiting on Engineering'

This event sent from IssueTracker by ble  [SEG - Certificate System
Engineering]
 issue 126122
Comment 3 Issue Tracker 2007-07-31 19:32:33 UTC 
You can use openssl and / or certutil and pk12util from nss (bundled with
rhcs)

Documents and examples:

http://www.mozilla.org/projects/security/pki/nss/
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html

RHCS73 migration guide
https://www.redhat.com/docs/manuals/cert-system/7.3/html/Migration_Guide/index.html

http://directory.fedoraproject.org/wiki/Howto:SSL

Converting an OpenSSL certificate for use with Directory Server
http://directory.fedoraproject.org/wiki/FAQ#Converting_an_OpenSSL_certificate_for_use_with_Directory_Server


Internal Status set to 'Waiting on Support'
Version set to: '7.3'

This event sent from IssueTracker by ble  [SEG - Certificate System
Engineering]
 issue 126122
Comment 4 Issue Tracker 2007-07-31 19:32:35 UTC 
Hi...here is the comments from the customer

Hello, based on your suggestions we used the utilities from  
http://www.mozilla.org/projects/security/pki/nss/nss-3.9/nss-3.9-release-notes.html

- nss 3.9  
- nspr 4.4.1
(Windows versions)  

We tried using pk12util to export a certificate from a smart card token,
however we received an error "pk12util: add cert and key failed: Unable
to export.  Private Key could not be located and exported."  

We also tried using pk12util to import a certificate, but received this
error message: "pk12util: PKCS12 decode import bags failed: Unable to
import.  Error attempting to import private key."  

We noticed that there is a bug reported for pk12util (bug id # 4620283)
from SunONE at http://docs.sun.com/source/819-0426-11/notes.html which
indicates that pk12util cannot export keys from external hardware devices.
 

Could you please provide examples of how to import/export certs to/from a
smart card? 

Internal Status set to 'Waiting on SEG'

This event sent from IssueTracker by ble  [SEG - Certificate System
Engineering]
 issue 126122
Comment 11 Chandrasekar Kannan 2008-08-28 18:32:50 UTC 
per bug council on 08/27/2008 - removing from CS8.0 list
Comment 12 Chandrasekar Kannan 2008-08-28 18:49:38 UTC 
Adding to tracking Bug CS8.1
Note You need to log in before you can comment on or make changes to this bug.