An embedded device is spitting out CSRs that use sha384WithRSAEncryption. We can't reconfigure it to use SHA512RSA or EC anything. We also can't generate a key and cert pair and upload it to the device.
Try to sign
-----BEGIN CERTIFICATE REQUEST----- MIIDBDCCAewCAQAwgZkxCzAJBgNVBAYTAk5DMRAwDgYDVQQIDAdSYWxlaWdoMR8w HQYDVQQHDBZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRAwDgYDVQQKDAdSZWQgSGF0 MQ0wCwYDVQQLDARJbmMuMSMwIQYDVQQDDBpvdnBuMDEtbWdtdC5mYWIucmVkaGF0 LmNvbTERMA8GCSqGSIb3DQEJARYCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCnFzNhnfslG//kD/31perhjI2muSuU66ameDXkspLjIxkBiC78Yhcr Sg9u5mUXvDa74GWwoiO8EEbXQp/+ekS4BgBSFGrvY0uHZp4YVOOgfldzCg211HKM CgG+IJ/QXMmTvrlwGxTGuTefxWinELV75hPNUvPk4wtLafpWfv2e1TIFTLR/EHUs K8pO2dFy037HK3ELpip1xeRsaRoynjr8SG4yp2Hjkyd/iww/Yp4hINDgELjm0/QJ 5ReBcM/+kAzLBJsZv1mUC9CKXrED60J62rl754u9b1NZ/lBR8E/xNdd0jnK6LWRp mIMcFRcicyxK5PiWaBh4a/uk/jBV74zHAgMBAAGgJTAjBgkqhkiG9w0BCQcxFgwU QSBjaGFsbGVuZ2UgcGFzc3dvcmQwDQYJKoZIhvcNAQEMBQADggEBAGypMwHIQGjY RUYjlSIxpGBO3f1wBRNPQrTHoX7iNF4K22OEA6d0hvGZDHI699R5uyZx3+aKiIlE 6N/iAenytWQmztpf7BEVVzKutW0kjJ2zz76HkuI6d1L3hc14WnCG6HtR09KaHsh9 eJJqKVfXgJLC0ZRjgkyS0XM7nfQgskSWB96J9r5WWxRX/ETV+vrq3j4N7+HspzFg xO7rxaA6BJn/i3E/WgImirhfN+4d2cL2VORu7Lu0izdPahWuAnmezxbJjbCL6OY5 bZwU2WjRTlMbDg9M66GFvOENw7cua+FPr8zpzNe0pxC1n/4Q71kQNdqIBI/TC5e2 xMdh9hervRc= -----END CERTIFICATE REQUEST-----
Get error in summary indicating that its not supported.
uploaded CSR since ticket ate part of it.
attachment bad.csr
Tested to work with 1. the CSR provided by bug reporter in ticket against caServerCert enrollment profile 2. few selected profiles
Pushed to master
commit 158bb22a87832ff2be07ac4b75c8f2927caefd55 Author: Christina Fu cfu@redhat.com Date: Fri Jun 17 15:18:52 2016 -0700
Ticket #2346 support SHA384withRSA This patch adds support for SHA384withRSA signing algorithm.
Metadata Update from @dminnich: - Issue assigned to cfu - Issue set to the milestone: 10.3.3
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2466
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.