dogtagpki

Clone
Source Code
GIT

#1285 [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page
Closed: Fixed None Opened 9 years ago by mharmsen.

Closed: Fixed
Reopen Issue

In recent testing of the CA profile entitled 'Manual User Signing & Encryption Certificates Enrollment' (generally used to verify that the KRA is working properly), the following issue was discovered:

Firefox 36:

Dual Key Generation
* Key Generation Request Type   Not Supported
* Key Generation Request        Not Supported
Subject Name
...

Firefox 31.4.0:

Dual Key Generation
* Key Generation Request Type   crmf
* Key Generation Request    1024 RSA  (Encryption),    1024 RSA  (Signing)
Subject Name
...

Firefox 31.4.0 was used to verify the sanity of my installed KRA, however, further investigation explained that this feature has been removed from Firefox 34 and later:

We should either:

(a) fix this profile (which may also require some minor documentation updates), or
(b) supply a CLI to create such a request, remove this profile from the product,
    and document what happened to it as well as the CLI procedure used to
    replace it.

Proposed milestone: 10.2.3

A CLI to generate CRMF request is provided in ticket #1074.

Need to update the man page with instruction to generate CRMF request. Also need to inform UI users to use CLI instead.

Per CS/DS meeting of 03/02/2015: 10.2 Backlog

Moving to 10.3.5, since this is more than just a man page, some server work required, out of time.

Checkin: Closing

commit 96ebbeadc61e5a4c9df5d5adbd062a58ac3dee3c
Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Wed Jul 13 17:15:14 2016 -0700

[MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page

This fix will involve the following changes to the source tree.

1. Fixes to the CS.cfg to add two new cert profiles.
2. Make the caDualCert.cfg profile invisible since it has little chance of
working any more in Firefox.
3. Create caSigningUserCert.cfg and caSigningECUserCert.cfg to allow the CLI
to have convenient profiles from which to enroll signing ONLY certificates.

Also downstream realease not bug filed:

https://bugzilla.redhat.com/show_bug.cgi?id=1355849

Metadata Update from @mharmsen:
- Issue assigned to jmagne
- Issue set to the milestone: 10.3.5
7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1847

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
major
None
None
defect
None
None
None
None
None
Community
None
http://koji.fedoraproject.org/koji/buildinfo?buildID=789739
None
None
None
None
Documentation
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.