NSS token is hard coded in SigningUnit.java class causing Dogtag install to fail when system is in FIPS mode.
Steps to Reproduce:
1. Configure system for FIPS
2. Attempt to install Dogtag
Actual results:
Install fails
Expected results:
Install succeeds
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1382081 (Red Hat Certificate System)
Fixed in master:
Additional changes in master:
Cherry-picked to DOGTAG_10_3_BRANCH:
commit 8bef45df5e3d287111df8e0a33519a065e3e7b70
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Nov 1 22:49:22 2016 +0100

    Fixed KRA key recovery via CLI in FIPS mode.

    Based on investigation and solution provided by cfu and jmagne, the
    SecurityDataRecoveryService.serviceRequest() has been modified to use
    EncryptionUnit.unwrap_temp() for key recovery via CLI in FIPS mode.

    https://fedorahosted.org/pki/ticket/2500
    (cherry picked from commit 650b00dc57bb0c51c1e327ec3064531c26f80c43)

commit ec165a0d6cd805d1b5d4fbd4fff44ff00bfcaee0
Author: Endi S. Dewata <edewata@redhat.com>
Date: Sat Oct 29 07:52:36 2016 +0200

    Reformatted SecurityDataRecoveryService.serviceRequest().

    The code in SecurityDataRecoveryService.serviceRequest() has been
    reformatted for clarity.

    https://fedorahosted.org/pki/ticket/2500
    (cherry picked from commit 613d8e8281cc336d7e1c8291abedb4b2321f93ec)
Metadata Update from @mharmsen:
- Issue assigned to edewata
- Issue set to the milestone: 10.3.8
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2620
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.