#1200 make sure pkispawn works with hsm
Closed: Fixed None Opened 9 years ago by vakwetu.

There was recently a thread in which a user had some difficulty in configuring a system using pkispawn using an HSM. We need to test this and make it as seamless as possible.

Suggested milestone:
10.1.2


Based upon CS/DS meeting of 11/10/2014: 10.2.2

Per 10.2.2 Triage meeting of 02/24/2015: 10.2.3

A summary of the things that need to be done so far:
1. needed new parameters for pkispawn to specify the HSM module name and library path and invoke modutil to register the module
2. needed to change it so that the temporary SSL server cert/keys go into the software token
3. It appears that when an HSM is specified, the soft token (internal) password is missing from password.conf, which caused tomcatjss to not log in to the NSS token, thus making the SSL handshake fail, even though tomcat appears to be up. This needs to be fixed.

Checked into 'master':

  • ab5f54371519010c72f4947901c3a76cb5105e41

Metadata Update from @vakwetu:
- Issue assigned to mharmsen
- Issue set to the milestone: 10.2.3

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1762

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
