After installing pki-tps(pki-tps-8.1.13-1.el5pki), and configuring , CS.cfg of pki-tps instance points the Encryption Profile used delegateISEtoken's is caTokenUserAuthenticationKeyEnrollment instead of caTokenUserDelegateAuthKeyEnrollment
op.enroll.delegateISEtoken.keyGen.encryption.ca.conn=ca1 op.enroll.delegateISEtoken.keyGen.encryption.ca.profileId=caTokenUserAuthentica tionKeyEnrollment op.enroll.delegateISEtoken.keyGen.encryption.certAttrId=c2
Version-Release number of selected component (if applicable):
[root@pkiserver conf]# rpm -qi pki-tps Name : pki-tps Relocations: (not relocatable) Version : 8.1.13 Vendor: Red Hat, Inc. Release : 1.el5pki Build Date: Sat 16 Nov 2013 01:41:20 AM IST Install Date: Sat 07 Dec 2013 12:34:27 PM IST Build Host: x86-001.build.bos.redhat.com Group : System Environment/Daemons Source RPM: pki-tps-8.1.13-1.el5pki.src.rpm
How reproducible: 1. Install pki-tps 2. Configure TPS instance 3. TPS CS.cfg has below entry: op.enroll.delegateISEtoken.keyGen.encryption.ca.profileId=caTokenUserAuthentica tionKeyEnrollment
Expected results: op.enroll.delegateISEtoken.keyGen.encryption.ca.profileId=caTokenUserDelegateAu thKeyEnrollment
Since TPS is rewritten, and this ticket is relating to externalReg, I'm moving this to same bucket as https://fedorahosted.org/pki/ticket/1028 TPS rewrite: provide externalReg functionality
Proposed Milestone: 10.2.2 (per CS Meeting of 09/17/2014)
External Reg
Per 10.2.2 Triage meeting of 02/24/2015: 10.2.3
(related to PKI TRAC Ticket #823 - After recovery of Encryption Cert of Temp Lost token using delegateISEtoken, Changing status to from Temp Lost to found doesn't unrevoke the Encryption Cert.)
I checked the upstream code as well as 8.1.6, that particular parameter seems to be correct: op.enroll.delegateISEtoken.keyGen.authentication.ca.profileId=caTokenUserDelegateAuthKeyEnrollment
The only thing that might raise question is op.enroll.delegateISEtoken.keyGen.encryption.ca.profileId=caTokenUserAuthenticationKeyEnrollment I will include the investigation in phase 2 of https://fedorahosted.org/pki/ticket/1028
I'm closing this ticket.
adding investigation as part of https://fedorahosted.org/pki/ticket/1028 TPS rewrite: provide externalReg functionality
Metadata Update from @nkinder: - Issue assigned to cfu - Issue set to the milestone: 10.1.2
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1391
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.