Escalated to Bugzilla from IssueTracker
This question refers to Red Hat Certificate System 7.3 and its associated middleware for Windows. How can we import certificates to a smart card using PKCS #12 files? Does CS 7.3 support this capability? If not, does RedHat plan to add PKCS #12 importing support for cards in the future? This event sent from IssueTracker by ble [SEG - Certificate System Engineering] issue 126122
Currently, we don't support PKCS#12 on CS 7.3. This feature will be approve by Product Manager (Kevin Unthank or Bob Lord) to add this on next release. Ben. Issue escalated to Certificate System Engineering by: ble. Internal Status set to 'Waiting on Engineering' This event sent from IssueTracker by ble [SEG - Certificate System Engineering] issue 126122
You can use openssl and / or certutil and pk12util from nss (bundled with rhcs) Documents and examples: http://www.mozilla.org/projects/security/pki/nss/ http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html RHCS73 migration guide https://www.redhat.com/docs/manuals/cert-system/7.3/html/Migration_Guide/index.html http://directory.fedoraproject.org/wiki/Howto:SSL Converting an OpenSSL certificate for use with Directory Server http://directory.fedoraproject.org/wiki/FAQ#Converting_an_OpenSSL_certificate_for_use_with_Directory_Server Internal Status set to 'Waiting on Support' Version set to: '7.3' This event sent from IssueTracker by ble [SEG - Certificate System Engineering] issue 126122
Hi...here is the comments from the customer Hello, based on your suggestions we used the utilities from http://www.mozilla.org/projects/security/pki/nss/nss-3.9/nss-3.9-release-notes.html - nss 3.9 - nspr 4.4.1 (Windows versions) We tried using pk12util to export a certificate from a smart card token, however we received an error "pk12util: add cert and key failed: Unable to export. Private Key could not be located and exported." We also tried using pk12util to import a certificate, but received this error message: "pk12util: PKCS12 decode import bags failed: Unable to import. Error attempting to import private key." We noticed that there is a bug reported for pk12util (bug id # 4620283) from SunONE at http://docs.sun.com/source/819-0426-11/notes.html which indicates that pk12util cannot export keys from external hardware devices. Could you please provide examples of how to import/export certs to/from a smart card? Internal Status set to 'Waiting on SEG' This event sent from IssueTracker by ble [SEG - Certificate System Engineering] issue 126122
per bug council on 08/27/2008 - removing from CS8.0 list
Adding to tracking Bug CS8.1