In recent testing of the CA profile entitled 'Manual User Signing & Encryption Certificates Enrollment' (generally used to verify that the KRA is working properly), the following issue was discovered:
Firefox 36:
Dual Key Generation * Key Generation Request Type Not Supported * Key Generation Request Not Supported Subject Name ...
Firefox 31.4.0:
Dual Key Generation * Key Generation Request Type crmf * Key Generation Request 1024 RSA (Encryption), 1024 RSA (Signing) Subject Name ...
Firefox 31.4.0 was used to verify the sanity of my installed KRA, however, further investigation explained that this feature has been removed from Firefox 34 and later:
We should either:
(a) fix this profile (which may also require some minor documentation updates), or (b) supply a CLI to create such a request, remove this profile from the product, and document what happened to it as well as the CLI procedure used to replace it.
Proposed milestone: 10.2.3
A CLI to generate CRMF request is provided in ticket #1074.
Need to update the man page with instruction to generate CRMF request. Also need to inform UI users to use CLI instead.
Per CS/DS meeting of 03/02/2015: 10.2 Backlog
Moving to 10.3.5, since this is more than just a man page, some server work required, out of time.
Checkin: Closing
commit 96ebbeadc61e5a4c9df5d5adbd062a58ac3dee3c Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com Date: Wed Jul 13 17:15:14 2016 -0700
[MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page This fix will involve the following changes to the source tree. 1. Fixes to the CS.cfg to add two new cert profiles. 2. Make the caDualCert.cfg profile invisible since it has little chance of working any more in Firefox. 3. Create caSigningUserCert.cfg and caSigningECUserCert.cfg to allow the CLI to have convenient profiles from which to enroll signing ONLY certificates.
Also downstream realease not bug filed:
https://bugzilla.redhat.com/show_bug.cgi?id=1355849
Metadata Update from @mharmsen: - Issue assigned to jmagne - Issue set to the milestone: 10.3.5
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1847
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.