There was recently a thread in which a user had some difficulty in configuring a system using pkispawn using an HSM. We need to test this and make it as seamless as possible.
Suggested milestone: 10.1.2
Based upon CS/DS meeting of 11/10/2014: 10.2.2
Per 10.2.2 Triage meeting of 02/24/2015: 10.2.3
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1213559 (Red Hat Certificate System)
A summary of the things need done so far:

1. Needed new parameters for pkispawn to specify the HSM module name and library path, and to invoke modutil to register the module.
2. Needed to change it so that the temporary SSL server cert/keys go into the software token.
3. It appears that when an HSM is specified, the soft token (internal) password is missing from password.conf, which caused tomcatjss to not log in to the NSS token, thus making the SSL handshake fail even though Tomcat appears to be up. This needs to be fixed.
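A check for the failure in item 3, written as an added example (it is not part of the ticket or of Dogtag's own code). It assumes password.conf holds `name=password` lines, that the software token entry is named `internal`, and that HSM entries are named `hardware-<token name>`; the token name and passwords below are constructed.

```python
# Added example: audit password.conf text for the missing software-token
# password described in item 3 of the summary above.
# Assumptions: "name=password" lines; the software token is keyed "internal";
# HSM tokens are keyed "hardware-<token name>".

def parse_password_conf(text):
    """Return {name: password}, skipping blank lines and '#' comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only, so passwords containing '=' survive.
        name, sep, value = line.partition("=")
        if sep:
            entries[name.strip()] = value
    return entries

def audit_password_conf(text):
    """Return a list of findings; an empty list means the token entries are complete."""
    entries = parse_password_conf(text)
    findings = []
    hsm_tokens = [n for n in entries if n.startswith("hardware-")]
    if not entries.get("internal"):
        if hsm_tokens:
            # The case from the ticket: HSM present, soft token password absent.
            findings.append("HSM token configured but 'internal' password is missing")
        else:
            findings.append("'internal' password is missing")
    for name in hsm_tokens:
        if not entries[name]:
            findings.append(f"{name} has an empty password")
    return findings

# Constructed sample inputs (not taken from a real deployment).
BROKEN = "hardware-ExampleHSM=hsm-secret\ninternaldb=ds-secret\n"
FIXED = "internal=nss-secret\nhardware-ExampleHSM=hsm-secret\ninternaldb=ds-secret\n"

if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_password_conf(sample) or "ok")
```

Running such a check right after pkispawn finishes catches the condition before it shows up as a failed SSL handshake on a Tomcat that otherwise looks healthy.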
Add HSM options to pkispawn (PKI TRAC Ticket #1346: https://fedorahosted.org/pki/ticket/1346) 20150413-Add-HSM-options-to-pkispawn.patch
Add HSM passwords to pkispawn 20150420-Add-HSM-passwords-to-pkispawn.patch
Checked into 'master':
Metadata Update from @vakwetu: - Issue assigned to mharmsen - Issue set to the milestone: 10.2.3
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1762
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.