#1737 Generating CSR from existing key
Closed: migrated 3 years ago by dmoluguw. Opened 8 years ago by edewata.

Currently the CSRs of the system certificates are stored in CS.cfg:

ca.signing.certreq=...

This is currently necessary because the CSR may be needed in the future (e.g. for renewals). However, it may cause some maintenance issues. Sometimes the CSR could become outdated (due to rekeying) or get lost (ticket #1551). Also, the CSR can technically be regenerated using the existing key, so there is no need to store it in CS.cfg.

A new CLI can be provided to generate a CSR from an existing key. It will be similar to PKCS10Client except that it skips the key generation. The CLI can be called by the installation tool, thus simplifying the code. Any code that currently reads the CSR from CS.cfg will be changed to generate a new one using the CLI. Later, an upgrade script can remove the CSR from the existing CS.cfg.


Per CS/DS Meeting of 2016/01/25: 10.4

Are you planning to implement it in Java or in Python? python-cryptography now has the necessary features to build certs: https://cryptography.io/en/latest/x509/reference/#x-509-certificate-builder
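
Added example, not part of the ticket and not Dogtag code: a python-cryptography sketch of regenerating a CSR from a key that already exists, plus a check that shows why a stored CSR goes stale after a rekey. It assumes the key is available as unencrypted PEM (the ticket's keys live in an NSS database); the helper names, the subject CN and the generated sample keys are constructed for illustration.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

SPKI = (serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo)


def csr_from_existing_key(key_pem: bytes, common_name: str) -> bytes:
    """Build a PKCS#10 CSR signed by an existing private key (no key generation)."""
    key = serialization.load_pem_private_key(key_pem, password=None)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(subject)
           .sign(key, hashes.SHA256()))
    return csr.public_bytes(serialization.Encoding.PEM)


def csr_matches_key(csr_pem: bytes, key_pem: bytes) -> bool:
    """True if the CSR self-signature verifies and it carries this key's public half."""
    csr = x509.load_pem_x509_csr(csr_pem)
    key = serialization.load_pem_private_key(key_pem, password=None)
    same_key = (csr.public_key().public_bytes(*SPKI)
                == key.public_key().public_bytes(*SPKI))
    return csr.is_signature_valid and same_key


def constructed_key_pem() -> bytes:
    """Stand-in for a key that already exists (constructed sample, not from NSS)."""
    key = ec.generate_private_key(ec.SECP256R1())
    return key.private_bytes(serialization.Encoding.PEM,
                             serialization.PrivateFormat.PKCS8,
                             serialization.NoEncryption())


if __name__ == "__main__":
    old_key, new_key = constructed_key_pem(), constructed_key_pem()
    # CSR stored before a rekey (subject CN is a constructed sample value).
    stored_csr = csr_from_existing_key(old_key, "CA Signing Certificate")
    # After the rekey the stored CSR no longer matches the current key...
    print("stored CSR matches new key:", csr_matches_key(stored_csr, new_key))
    # ...while a CSR regenerated from the current key does.
    fresh_csr = csr_from_existing_key(new_key, "CA Signing Certificate")
    print("fresh CSR matches new key: ", csr_matches_key(fresh_csr, new_key))
```
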

Metadata Update from @edewata:
- Issue set to the milestone: UNTRIAGED

7 years ago

Possibly in Java since the key is stored in NSS database.

This will be useful to address this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1454444

Metadata Update from @edewata:
- Custom field feature adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None

6 years ago

Metadata Update from @edewata:
- Issue priority set to: critical (was: major)
- Issue set to the milestone: FUTURE (was: UNTRIAGED)

6 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2295

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago
