#2543 Unable to install subordinate CA with HSM in FIPS mode
Closed: Fixed None Opened 6 years ago by edewata.

Installing CA with externally-signed CA certificate (i.e. subordinate CA) with HSM in FIPS mode failed due to the following NSS issue:

The installer needs to be modified to use the two-step workaround described in the above bug.

Fixed in master:

  • 0bef3bbcc5c5cb2d6fb3f0d231c4f5b7fac5ca3b

Additional changes in master:

  • 65013d222a9e612aaaaf49ee03ceed5d6c154f59

The proper fix for the CLI will be implemented in ticket #1352.

Replying to [comment:1 edewata]:

Fixed in master:
* 0bef3bbcc5c5cb2d6fb3f0d231c4f5b7fac5ca3b

Cherry-picked into DOGTAG_10_3_BRANCH:

  • b058ded6f9708edc601041077339947f0f87c19f

Additional changes in master:
* 65013d222a9e612aaaaf49ee03ceed5d6c154f59

Cherry-picked into DOGTAG_10_3_BRANCH:

  • c8553a5308e23b66cee7fc1a357042f99d07b0c7

Metadata Update from @edewata:
- Issue assigned to edewata
- Issue set to the milestone: 10.3.9

6 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.