Installing CA with externally-signed CA certificate (i.e. subordinate CA) with HSM in FIPS mode failed due to the following NSS issue: https://bugzilla.redhat.com/show_bug.cgi?id=1393668
The installer needs to be modified to use the two-step workaround described in the above bug.
attachment pki-edewata-0866-Fixed-problem-installing-subordinate-CA-with-HSM-in-.patch
Fixed in master:
attachment pki-edewata-0867-Fixed-hanging-subordinate-CA-with-HSM-installation-i.patch
See also https://bugzilla.redhat.com/show_bug.cgi?id=1395509.
Additional changes in master:
The proper fix for the CLI will be implemented in ticket #1352.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1395817
Replying to [comment:1 edewata]:
Fixed in master: * 0bef3bbcc5c5cb2d6fb3f0d231c4f5b7fac5ca3b
Cherry-picked into DOGTAG_10_3_BRANCH:
Additional changes in master: * 65013d222a9e612aaaaf49ee03ceed5d6c154f59
Metadata Update from @edewata: - Issue assigned to edewata - Issue set to the milestone: 10.3.9
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2663
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.