Bug 499077 - Unable to load 4 certs onto smartcard
Unable to load 4 certs onto smartcard
Status: CLOSED NOTABUG
Product: Dogtag Certificate System
Classification: Community
Component: ESC (Show other bugs)
unspecified
All Linux
high Severity urgent
: ---
: ---
Assigned To: Jack Magne
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-05-05 01:36 EDT by Chandrasekar Kannan
Modified: 2015-01-04 18:38 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-08 21:26:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Profile to generate 3 certs on the token. (userKey) (82.27 KB, text/plain)
2009-05-05 01:36 EDT, Chandrasekar Kannan
no flags Details
Profile to generate 4 certs on the token. (userKey) (82.27 KB, text/plain)
2009-05-05 01:37 EDT, Chandrasekar Kannan
no flags Details
Screen shot with 4 certs (14.46 KB, image/png)
2009-06-08 21:21 EDT, Jack Magne
no flags Details
Successful CS.cfg (82.32 KB, application/octet-stream)
2009-06-08 21:22 EDT, Jack Magne
no flags Details
CS.cfg difference between failed and successful (4.52 KB, application/octet-stream)
2009-06-08 21:23 EDT, Jack Magne
no flags Details

  None (edit)
Description Chandrasekar Kannan 2009-05-05 01:36:04 EDT
With tps profile changes in CS.cfg, we have been trying to get 4 certificates
on to the smartcard. But have been unsuccessful so far.

I'm attaching the profiles we used to the bug.

the profile we have been changing are userKey
Comment 1 Chandrasekar Kannan 2009-05-05 01:36:40 EDT
Created attachment 342412 [details]
Profile to generate 3 certs on the token. (userKey)
Comment 2 Chandrasekar Kannan 2009-05-05 01:37:27 EDT
Created attachment 342413 [details]
Profile to generate 4 certs on the token. (userKey)
Comment 3 Jack Magne 2009-06-08 21:19:42 EDT
This turned out to be a misconfiguration.

On the Safenet64K I tried this and got it to work.
Have not tried the Safenet, the only limitation could be memory space.


I will attach a copy of the successful CS.cfg for TPS to get it working.
A quick diff between my CS.cfg and the one attached here that did not work.
A screen shot of ESC showing the 4 certs.
Comment 4 Jack Magne 2009-06-08 21:21:30 EDT
Created attachment 346948 [details]
Screen shot with 4 certs
Comment 5 Jack Magne 2009-06-08 21:22:54 EDT
Created attachment 346949 [details]
Successful CS.cfg
Comment 6 Jack Magne 2009-06-08 21:23:27 EDT
Created attachment 346950 [details]
CS.cfg difference between failed and successful
Comment 7 Jack Magne 2009-06-08 21:26:54 EDT
I forgot to mention, the main problem is that the certs, public keys and private keys are given numbers and attributes. For instance the signing cert will have a private key number of 0 and public key number of 1. Etc. The numbering was was confused and thus confused the token when trying to generate the "email" private key.

If the safenet is found not to work, we can open a new bug since it will be resource limited and require action in the applet.
Comment 8 Jack Magne 2009-06-08 22:16:46 EDT
Just for fun, I tried this on a safenet card and it was able to load these 4 certs just fine.
Comment 9 Asha Akkiangady 2009-06-09 16:05:28 EDT
Tested loading 4 certs on both Gemalto 64K and Safenet 330J cards with the above mentioned Successful CS.cfg, able to load 4 certs. 

This bug is a user error, hence closing with status notabug.

Note You need to log in before you can comment on or make changes to this bug.