#47572 Separate SSL certificate and attribute encryption certificate
Closed: wontfix 3 years ago by mreynolds. Opened 10 years ago by beall.

The SSL engine has 'nsSSLPersonalitySSL' to declare which certificate should be used for SSL.

It would be useful for the attribute encryption engine to have a similar option so that, if not set, by default it would use the SSL cert, but optionally it could be set so that a different certificate can be selected by name so that the two can be separated.

In this way, SSL certificates can be updated every couple of years when they expire, but the attribute encryption certificate can be set to a long-lived self-signed certificate which does not have to change (thus requiring data export/reimport) when the public-facing cert does.


Some related references:
sf 00691794 - bz 893178 - attrcrypt_decrypt_entry: FAILING because decryption operation failed
sf 00923022 - attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES

Metadata Update from @nkinder:
- Issue set to the milestone: 1.3.6.0

7 years ago

Metadata Update from @mreynolds:
- Custom field component reset (from Security - SSL)
- Issue close_status updated to: None
- Issue set to the milestone: 1.4 backlog (was: 1.3.6.0)

6 years ago

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field reviewstatus adjusted to None
- Issue tagged with: RFE

6 years ago

Metadata Update from @mreynolds:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

3 years ago

389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in 389-ds-base's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/389ds/389-ds-base/issues/909

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: duplicate)

3 years ago
