Issue #2545: Re-enroll of a smartcard token does not revoke the original certificates on the token - dogtagpki

dogtagpki

#2545 Re-enroll of a smartcard token does not revoke the original certificates on the token

Closed: invalid None Opened 7 years ago by rpattath.

Re-enroll of a smartcard token does not revoke the original certificates on the
token

Steps to Reproduce:

1. Using the default TPS CS.cfg, re-enroll a token

Actual results:

The original certificates on the smartcard are not revoked, new certificates
are issued for the token

Expected results:

The original certificates on the smartcard must be revoked, new certificates
are issued for the token

Additional info:

debug log file attached to associated Bugzilla Bug

cfu commented 7 years ago

You said "Using the default TPS CS.cfg", and you did not say anything about setting the token policy.
The default token policy is:
tokendb.defaultPolicy=RE_ENROLL=YES;RENEW=NO;FORCE_FORMAT=NO;PIN_RESET=NO;RESET_PIN_RESET_TO_NO=NO

Since by default "FORCE_FORMAT=NO", which means during re-enrollment, the token is not formatted; And if it is not formatted, it would not follow the rules set by
op.format.<tps profile>.revokeCert=true

So unless I missed something, it seems to be behaving exactly as expected.

I'm setting this bug to Invalid; You can change it again if I did miss something. And if so, please explain in more detail with more specific relevant configuration.

Metadata Update from @rpattath:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

7 years ago

Metadata Update from @mharmsen:
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: invalid (was: Invalid)
- Issue set to the milestone: 10.4.0 (was: 0.0 NEEDS_TRIAGE)

7 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2665

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

10.4.0

lowhangingfruit

None

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1394020

type

defect

version

keywords

None

estimate

None

feature

origin

proposedpriority

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

component

TPS

proposedmilestone

dogtagpki

Source Code

#2545 Re-enroll of a smartcard token does not revoke the original certificates on the token Closed: invalid None Opened 7 years ago by rpattath.

Metadata

#2545 Re-enroll of a smartcard token does not revoke the original certificates on the token

Closed: invalid None Opened 7 years ago by rpattath.