854540 – (keys_in_pkcs12) PRD32 - pki: use PKCS#12 format to store keys

Bug 854540 (keys_in_pkcs12) - PRD32 - pki: use PKCS#12 format to store keys

Summary: PRD32 - pki: use PKCS#12 format to store keys

Keywords:
Status:	CLOSED ERRATA
Alias:	keys_in_pkcs12
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	3.2.0
Assignee:	Alon Bar-Lev
QA Contact:	Pavel Stehlik
Docs Contact:
URL:
Whiteboard:	infra
Depends On:
Blocks:	809095 Simon-RFE-Tracker 915537
TreeView+	depends on / blocked

Reported:	2012-09-05 09:56 UTC by Alon Bar-Lev
Modified:	2022-07-09 06:03 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	oVirt Engine now uses the PKCS#12 format to store keys, replacing the previous Java Key Store format. The PKCS#12 format separates the engine as client key usage and engine as server key usage to support third party certificates for the web administration and user portals.
Clone Of:
Environment:
Last Closed:	2013-06-10 21:09:46 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:
Flags:	dyasny: Triaged+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHV-47123	0	None	None	None	2022-07-09 06:03:47 UTC
Red Hat Product Errata	RHSA-2013:0888	0	normal	SHIPPED_LIVE	Moderate: Red Hat Enterprise Virtualization Manager 3.2 update	2013-06-11 00:55:41 UTC

Description Alon Bar-Lev 2012-09-05 09:56:24 UTC

commit de7c6e35dbec447bcddb3cae1d58cf6596dfdcb3
Author: Alon Bar-Lev <alonbl>
Date:   Sat Aug 4 21:27:00 2012 +0300

    pki: use PKCS#12 format to store keys
    
    Java supports standard cryptographic format PKCS#12, this format
    bundles private key and certificate chain into one file with integrity
    of passphrase.
    
    Using Java proprietary key store format force additional work if using
    non-Java solutions.
    
    This change is a migration from JKS and duplicates into single PKCS#12
    keystore for private key store. It does not handle the trust store which
    is left as JKS for now.
    
    Remove unnecessary scripts from CA implementations that do not support
    this effort.
    
    Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
    Signed-off-by: Alon Bar-Lev <alonbl>

http://gerrit.ovirt.org/#/c/6883/

Comment 1 Alon Bar-Lev 2012-09-30 09:33:06 UTC

http://gerrit.ovirt.org/#/c/8276/

Comment 2 Alon Bar-Lev 2012-10-03 15:21:50 UTC

http://gerrit.ovirt.org/#/c/8341/

Comment 7 Cheryn Tan 2013-04-03 06:53:00 UTC

This bug is currently attached to errata RHEA-2013:14491. If this change is not to be documented in the text for this errata please either remove it from the errata, set the requires_doc_text flag to minus (-), or leave a "Doc Text" value of "--no tech note required" if you do not have permission to alter the flag.

Otherwise to aid in the development of relevant and accurate release documentation, please fill out the "Doc Text" field above with these four (4) pieces of information:

* Cause: What actions or circumstances cause this bug to present.

* Consequence: What happens when the bug presents.

* Fix: What was done to fix the bug.

* Result: What now happens when the actions or circumstances above occur. (NB: this is not the same as 'the bug doesn't present anymore')

Once filled out, please set the "Doc Type" field to the appropriate value for the type of change made and submit your edits to the bug.

For further details on the Cause, Consequence, Fix, Result format please refer to:

https://bugzilla.redhat.com/page.cgi?id=fields.html#cf_release_notes

Thanks in advance.

Comment 8 Alon Bar-Lev 2013-04-03 07:20:57 UTC

Doc is provided at dependencies.

Comment 9 errata-xmlrpc 2013-06-10 21:09:46 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0888.html

Note You need to log in before you can comment on or make changes to this bug.