Re-enroll of a smartcard token does not revoke the original certificates on the token
Steps to Reproduce:
1. Using the default TPS CS.cfg, re-enroll a token
Actual results:
The original certificates on the smartcard are not revoked, new certificates are issued for the token
Expected results:
The original certificates on the smartcard must be revoked, new certificates are issued for the token
Additional info:
debug log file attached to associated Bugzilla Bug
You said "Using the default TPS CS.cfg", and you did not say anything about setting the token policy. The default token policy is: tokendb.defaultPolicy=RE_ENROLL=YES;RENEW=NO;FORCE_FORMAT=NO;PIN_RESET=NO;RESET_PIN_RESET_TO_NO=NO
Since by default "FORCE_FORMAT=NO", which means during re-enrollment, the token is not formatted; And if it is not formatted, it would not follow the rules set by op.format.<tps profile>.revokeCert=true
So unless I missed something, it seems to be behaving exactly as expected.
I'm setting this bug to Invalid; You can change it again if I did miss something. And if so, please explain in more detail with more specific relevant configuration.
Metadata Update from @rpattath: - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Metadata Update from @mharmsen: - Custom field feature adjusted to '' - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field version adjusted to '' - Issue close_status updated to: invalid (was: Invalid) - Issue set to the milestone: 10.4.0 (was: 0.0 NEEDS_TRIAGE)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2665
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.