Bug 499077 - Unable to load 4 certs onto smartcard
Summary: Unable to load 4 certs onto smartcard
Status: CLOSED NOTABUG
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: ESC   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
high
urgent
Target Milestone: ---
Assignee: Jack Magne
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 443788
TreeView+ depends on / blocked
 
Reported: 2009-05-05 05:36 UTC by Chandrasekar Kannan
Modified: 2015-01-04 23:38 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-09 01:26:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Profile to generate 3 certs on the token. (userKey) (82.27 KB, text/plain)
2009-05-05 05:36 UTC, Chandrasekar Kannan
no flags Details
Profile to generate 4 certs on the token. (userKey) (82.27 KB, text/plain)
2009-05-05 05:37 UTC, Chandrasekar Kannan
no flags Details
Screen shot with 4 certs (14.46 KB, image/png)
2009-06-09 01:21 UTC, Jack Magne
no flags Details
Successful CS.cfg (82.32 KB, application/octet-stream)
2009-06-09 01:22 UTC, Jack Magne
no flags Details
CS.cfg difference between failed and successful (4.52 KB, application/octet-stream)
2009-06-09 01:23 UTC, Jack Magne
no flags Details

Description Chandrasekar Kannan 2009-05-05 05:36:04 UTC
With tps profile changes in CS.cfg, we have been trying to get 4 certificates
on to the smartcard. But have been unsuccessful so far.

I'm attaching the profiles we used to the bug.

the profile we have been changing are userKey

Comment 1 Chandrasekar Kannan 2009-05-05 05:36:40 UTC
Created attachment 342412 [details]
Profile to generate 3 certs on the token. (userKey)

Comment 2 Chandrasekar Kannan 2009-05-05 05:37:27 UTC
Created attachment 342413 [details]
Profile to generate 4 certs on the token. (userKey)

Comment 3 Jack Magne 2009-06-09 01:19:42 UTC
This turned out to be a misconfiguration.

On the Safenet64K I tried this and got it to work.
Have not tried the Safenet, the only limitation could be memory space.


I will attach a copy of the successful CS.cfg for TPS to get it working.
A quick diff between my CS.cfg and the one attached here that did not work.
A screen shot of ESC showing the 4 certs.

Comment 4 Jack Magne 2009-06-09 01:21:30 UTC
Created attachment 346948 [details]
Screen shot with 4 certs

Comment 5 Jack Magne 2009-06-09 01:22:54 UTC
Created attachment 346949 [details]
Successful CS.cfg

Comment 6 Jack Magne 2009-06-09 01:23:27 UTC
Created attachment 346950 [details]
CS.cfg difference between failed and successful

Comment 7 Jack Magne 2009-06-09 01:26:54 UTC
I forgot to mention, the main problem is that the certs, public keys and private keys are given numbers and attributes. For instance the signing cert will have a private key number of 0 and public key number of 1. Etc. The numbering was was confused and thus confused the token when trying to generate the "email" private key.

If the safenet is found not to work, we can open a new bug since it will be resource limited and require action in the applet.

Comment 8 Jack Magne 2009-06-09 02:16:46 UTC
Just for fun, I tried this on a safenet card and it was able to load these 4 certs just fine.

Comment 9 Asha Akkiangady 2009-06-09 20:05:28 UTC
Tested loading 4 certs on both Gemalto 64K and Safenet 330J cards with the above mentioned Successful CS.cfg, able to load 4 certs. 

This bug is a user error, hence closing with status notabug.


Note You need to log in before you can comment on or make changes to this bug.