#1425 pkispawn CA with HSM - if the config file has pki_client related params the dir is not created and the admin cert p12 file is stored nowhere
Closed: Duplicate. Opened 8 years ago by mharmsen.

pkispawn CA with HSM - if the config file has pki_client related params the dir
is not created and the admin cert p12 file is stored nowhere

Steps to Reproduce:

The inf file used for pkispawn has the following params:

pki_client_dir=/opt/rhqa_pki
pki_client_admin_cert_p12=/opt/rhqa_pki/caadmincert.p12
pki_client_database_dir=/opt/rhqa_pki/rootca/certs_db
pki_client_database_password=Secret123
pki_client_database_purge=True

Actual results:

The client directory is not created and the admin cert p12 file is stored nowhere.

Expected results:

the client directory should be created and the admin cert p12 file should be
stored under it.

Additional info:

I tried removing these params from the inf file. pkispawn stored the admin
cert p12 file under the default location /root/.dogtag/<pki-tomcat-inst>. With
this configuration the CA ee/admin/agent requests were successful.

The following configuration works fine with a soft token:

[CA]
pki_admin_email=caadmin@example.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=Secret123
pki_admin_uid=caadmin
pki_backup_keys=True
pki_backup_password=Secret123
pki_client_dir=/opt/rhqa_pki
pki_client_database_password=Secret123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret123
pki_ds_base_dn=dc=ca,dc=example,dc=com
pki_ds_database=ca
pki_ds_password=Secret123
pki_security_domain_name=EXAMPLE
pki_token_password=Secret123

The /opt/rhqa_pki folder is created properly:

$ ls -la /opt/rhqa_pki/
total 24
drwxrwxr-x. 3 root root 4096 Jun 18 20:46 .
drwxr-xr-x. 5 root root 4096 Jun 18 20:45 ..
drwxr-xr-x. 3 root root 4096 Jun 18 20:45 ca
-rw-rw----. 1 root root 1288 Jun 18 20:46 ca_admin.cert
-rw-rw----. 1 root root  935 Jun 18 20:46 ca_admin.cert.der
-rw-------. 1 root root 2634 Jun 18 20:46 ca_admin_cert.p12

It needs to be retested using HSM. Moving to 10.2.6 per discussion with mharmsen.
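A post-install check for the behaviour this ticket is about, added here as example code (it is not part of Dogtag PKI or pkispawn): it reads pki_client_dir and pki_client_admin_cert_p12 from the .inf, falls back to the /root/.dogtag/<instance> default when they are absent, and fails if the client directory is missing, the p12 is missing or empty, or the p12 is readable by anyone but the owner (the soft-token listing above shows it as -rw-------; the file holds the CA admin private key). Assumptions not taken from the ticket: the instance name is supplied by the caller, the default p12 file name is ca_admin_cert.p12 as in that listing, and the key lookup takes the first key=value match regardless of which .inf section it sits in. The demo function rebuilds both states of the ticket (nothing created, then the expected layout) under a temp directory instead of /opt.

```shell
#!/bin/sh
# Added example for this ticket, not Dogtag PKI code: after pkispawn finishes,
# verify that the pki_client_* locations named in the .inf were actually produced.
# Assumptions (not from the ticket): the .inf is read as plain key=value lines
# with the first match winning regardless of section, and the default p12 file
# name under /root/.dogtag/<instance> is ca_admin_cert.p12.

# inf_get <inf-file> <key>: print the value of <key>, empty if it is absent.
inf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | head -n 1 | sed 's/[[:space:]]*$//'
}

# check_client_artifacts <inf-file> <instance-name>
# Exit status 0 when the client directory exists and the admin PKCS#12 file is
# present, non-empty and mode 0600. Every problem found is printed on its own line.
check_client_artifacts() {
    inf=$1
    instance=$2
    client_dir=$(inf_get "$inf" pki_client_dir)
    p12=$(inf_get "$inf" pki_client_admin_cert_p12)
    # Fall back to where pkispawn stores the p12 when the params are not set.
    [ -n "$client_dir" ] || client_dir="/root/.dogtag/$instance"
    [ -n "$p12" ] || p12="$client_dir/ca_admin_cert.p12"
    rc=0
    if [ ! -d "$client_dir" ]; then
        echo "MISSING: client directory $client_dir"
        rc=1
    fi
    if [ ! -s "$p12" ]; then
        echo "MISSING: admin cert p12 $p12"
        rc=1
    else
        # First 10 chars of ls -l; a trailing SELinux '.' is cut off.
        perms=$(ls -l "$p12" | cut -c1-10)
        if [ "$perms" != "-rw-------" ]; then
            echo "WEAK PERMS: $p12 is $perms, expected -rw-------"
            rc=1
        fi
    fi
    return $rc
}

# Constructed scenario mirroring the ticket's .inf, under a temp dir instead of
# /opt. Returns 0 when the check fails on the reported state and passes on the
# expected one.
demo() {
    tmp=$(mktemp -d) || return 1
    inf="$tmp/ca.inf"
    cat > "$inf" <<EOF
[CA]
pki_client_dir=$tmp/rhqa_pki
pki_client_admin_cert_p12=$tmp/rhqa_pki/caadmincert.p12
pki_client_database_dir=$tmp/rhqa_pki/rootca/certs_db
pki_client_database_password=Secret123
pki_client_database_purge=True
EOF
    ok=0
    # Reported HSM behaviour: nothing under pki_client_dir was created.
    if check_client_artifacts "$inf" pki-tomcat; then
        echo "unexpected: check passed with no client directory"; ok=1
    fi
    # Expected behaviour: directory present, p12 stored under it with mode 0600.
    mkdir -p "$tmp/rhqa_pki"
    printf 'placeholder, not a real PKCS#12\n' > "$tmp/rhqa_pki/caadmincert.p12"
    chmod 600 "$tmp/rhqa_pki/caadmincert.p12"
    if ! check_client_artifacts "$inf" pki-tomcat; then
        echo "unexpected: check failed on the expected layout"; ok=1
    fi
    rm -rf "$tmp"
    return $ok
}

# Run the constructed scenario when invoked as: sh check_client.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Against a real install, run `check_client_artifacts /path/to/ca.inf pki-tomcat` right after pkispawn; the first line of output names whichever artifact the HSM run failed to produce.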

Checked into master:

  • a3773d042de25120803154c96763de55bc0bd7c4

NOTE: This change will need to be removed once the actual problem is fixed.

Downgrading ticket to 'major' 10.2.6.

As I feel that this is not urgent (it has already been noted in the 'pkispawn' man page), and is not as critical as man page/documentation in the 10.2.X lifecycle, I am moving this ticket to 10.3.

This ticket has been marked a duplicate of PKI TRAC Ticket #2313 - Deletion and again creation of client directory by subsystems.

Metadata Update from @mharmsen:
- Issue assigned to mharmsen
- Issue set to the milestone: UNTRIAGED

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1985

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

