The CertificateAuthority.deleteAuthority() method currently ignores a TokenException exception raised by cryptoStore.deletePrivateKey(). This does not cause any immediate issues but we should get to the bottom of why this is happening.
Unfortunately, jss does not provide us with all the error information from nss, so it may involve debugging builds or other analysis to work out what the actual cause is, and how to remedy.
Lightweight CA should be covered as a new feature on Idm side
It may need JSS enhancements similar to ticket #850. The enhancements should be added as a permanent solution in JSS to troubleshoot issues related to key deletion.
attachment pki-ftweedal-0110-Lightweight-CAs-remove-redundant-deletePrivateKey-in.patch
Pushed to master (c685a4195cdde16e875478b0f4554e688762f927)
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: 10.3.2
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2199
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.