Description of problem: pki-silent needs an option to configure signing algorithm for CA certificates.
Created attachment 460884 patch to fix
8.1:
[vakwetu@goofy-vm4 silent]$ svn ci -m "Bugzilla Bug 583754 - pki-silent needs an option to configure signing algorithm for CA certificates"
Sending silent/src/ca/ConfigureCA.java
Sending silent/src/subca/ConfigureSubCA.java
Sending silent/templates/pki_silent.template
Sending silent/templates/subca_silent.template
Transmitting file data ....
Committed revision 1506.

tip:
[vakwetu@dhcp231-121 silent]$ svn ci -m "Bugzilla Bug 583754 - pki-silent needs an option to configure signing algorithm for CA certificates"
Sending silent/src/ca/ConfigureCA.java
Sending silent/src/subca/ConfigureSubCA.java
Sending silent/templates/pki_silent.template
Sending silent/templates/subca_silent.template
Transmitting file data ....
Committed revision 1507.
FYI - this submission will change the invocation of pkisilent for the configuration of a CA and subCA.

For both CA and subCA, new parameters are added:

-signing_algorithm ${ca_signing_algorithm} \
-signing_signingalgorithm ${ca_signing_signingalgorithm} \
-ocsp_signing_signingalgorithm ${ca_ocsp_signing_signingalgorithm} \

For subCA, the following parameter has been removed:

-key_algorithm

See the new templates for explanations of the new parameters.
Created attachment 463019 pkisilent script for successful CA configuration
I think there may be a problem with the patch. Aren't these new signing arguments meant to be optional with a default of SHA256withRSA? As currently implemented the arg parser is demanding they be provided on the command line. A quick look at the code suggests the SHA256withRSA value will be provided as a default but the arg parser aborts the process before we get that far because it believes the argument is required.

Required parameter -signing_algorithm is not specified.

This occurs because the string "optional" does not appear in the argument description set via parser.addOption(). (ArgParser.java line 1711). Was it intended these arguments were meant to be required?
RE comment 8: Agreed, I noticed that you attached a patch to https://bugzilla.redhat.com/show_bug.cgi?id=588323, which I reviewed and approved. I am closing this bug then, pending the application of that patch. Make sure that the changes are checked into both 8.1 and the tip.
Created attachment 471495 make signing_algorithm arg optional

Actual patch which was committed. Note, this also includes documentation of the default values in the usage message.
dogtag commit: Committed revision 1679
CS 8.1 commit: Committed revision 1680