From the EE page , select "Manual User Dual-Use Certificate Enrollment" In the key generation request, There is no option to select ECC Curves. When CA installation is done using ECC , Unable to Enroll User Certs using ECC.
Steps to Reproduce:
1. Install CA with ECC 2. open EE URL 3. Select profile "Manual User Dual-Use Certificate Enrollment" 4. There is no way to select ECC Curves. 5. Selecting "Higher Grade" and submitting the request , this uses only RSA,
Actual results:
Unable to select ECC curves from the profiles
Expected results:
Should be able to select ECC Curves.
Per CS/DS Meeting of 6/29/2015: 10.2.6
Proposed patch about the be submitted for this.
The best we can do is support the High and Medium Grade selectors. This maps to 1024/2048 for RSA and nistp256,nistp384 for ECC.
Checkins:
commit f4235b4fc280253d235193eda476c72d948e2664 Author: Jack Magne jmagne@localhost.localdomain Date: Tue Jun 30 17:22:23 2015 -0700
Unable to select ECC Curves from EE fix. Ticket #1446: Without the crypto object, the user is now presented with a very bared bones keygen tag powered UI. ONe can only select a key strength and only use RSA. This fix adds simple UI to make better use of the keygen tag: 1. Allows the use of ECC. 2. Gives simple info on how the key strengths map to RSA key size and ECC curves. When the user selects High, they get RSA 2043, and ECC nistp384. When the user selects Medium, they get RSA 1024, and ECC nistp256.
Metadata Update from @mharmsen: - Issue assigned to jmagne - Issue set to the milestone: 10.2.6
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2006
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.