Bug 250314 - rhcs73 - crm #1637818 - Use PKCS#12 files to import certificates to smart card
rhcs73 - crm #1637818 - Use PKCS#12 files to import certificates to smart card
Status: CLOSED WONTFIX
Product: Red Hat Certificate System
Classification: Red Hat
Component: ESC (Show other bugs)
7.3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jack Magne
Chandrasekar Kannan
: FutureFeature
Depends On:
Blocks: 445047
  Show dependency treegraph
 
Reported: 2007-07-31 15:32 EDT by Issue Tracker
Modified: 2015-01-04 18:27 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-11-15 18:48:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Issue Tracker 2007-07-31 15:32:26 EDT
Escalated to Bugzilla from IssueTracker
Comment 1 Issue Tracker 2007-07-31 15:32:30 EDT
This question refers to Red Hat Certificate System 7.3 and its associated middleware for Windows.   
 
How can we import certificates to a smart card using PKCS #12 files?  Does CS 7.3 support this capability?  If not, does RedHat plan to add PKCS #12 importing support for cards in the future?   
 

This event sent from IssueTracker by ble  [SEG - Certificate System Engineering]
 issue 126122
Comment 2 Issue Tracker 2007-07-31 15:32:31 EDT
Currently, we don't support PKCS#12 on CS 7.3. This feature will be
approve by Product Manager (Kevin Unthank or Bob Lord) to add this on next
release. 

Ben.


Issue escalated to Certificate System Engineering by: ble.
Internal Status set to 'Waiting on Engineering'

This event sent from IssueTracker by ble  [SEG - Certificate System
Engineering]
 issue 126122
Comment 3 Issue Tracker 2007-07-31 15:32:33 EDT
You can use openssl and / or certutil and pk12util from nss (bundled with
rhcs)

Documents and examples:

http://www.mozilla.org/projects/security/pki/nss/
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html

RHCS73 migration guide
https://www.redhat.com/docs/manuals/cert-system/7.3/html/Migration_Guide/index.html

http://directory.fedoraproject.org/wiki/Howto:SSL

Converting an OpenSSL certificate for use with Directory Server
http://directory.fedoraproject.org/wiki/FAQ#Converting_an_OpenSSL_certificate_for_use_with_Directory_Server


Internal Status set to 'Waiting on Support'
Version set to: '7.3'

This event sent from IssueTracker by ble  [SEG - Certificate System
Engineering]
 issue 126122
Comment 4 Issue Tracker 2007-07-31 15:32:35 EDT
Hi...here is the comments from the customer

Hello, based on your suggestions we used the utilities from  
http://www.mozilla.org/projects/security/pki/nss/nss-3.9/nss-3.9-release-notes.html

- nss 3.9  
- nspr 4.4.1
(Windows versions)  

We tried using pk12util to export a certificate from a smart card token,
however we received an error "pk12util: add cert and key failed: Unable
to export.  Private Key could not be located and exported."  

We also tried using pk12util to import a certificate, but received this
error message: "pk12util: PKCS12 decode import bags failed: Unable to
import.  Error attempting to import private key."  

We noticed that there is a bug reported for pk12util (bug id # 4620283)
from SunONE at http://docs.sun.com/source/819-0426-11/notes.html which
indicates that pk12util cannot export keys from external hardware devices.
 

Could you please provide examples of how to import/export certs to/from a
smart card? 

Internal Status set to 'Waiting on SEG'

This event sent from IssueTracker by ble  [SEG - Certificate System
Engineering]
 issue 126122
Comment 11 Chandrasekar Kannan 2008-08-28 14:32:50 EDT
per bug council on 08/27/2008 - removing from CS8.0 list
Comment 12 Chandrasekar Kannan 2008-08-28 14:49:38 EDT
Adding to tracking Bug CS8.1

Note You need to log in before you can comment on or make changes to this bug.