Description of problem:
Scenario-1:
Unable to recover certs/keys generated using the EE profile caDualCert with keypair size 3072.
Steps to reproduce:
Generate user cert called "uid=t1,E=t1@example.org,CN=t1" using caDualCert profile with Keysize 3072
Approve the request from CA Agent
dn: uid=admin3a,dc=gsslab,dc=pnq,dc=redhat,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: top
objectClass: extensibleobject
cn: admin3a
sn: admin3a
userPassword: redhat
uid: admin3a
givenName: admin3a
mail: admin3a@example.org
firstname: admin3a
edipi: 23456788
pcc: AA
exec-edipi: 111111110
exec-pcc: BB
exec-mail: admin3a@EXAMPLE.COM

dn: uid=admin3a,dc=gsslab,dc=pnq,dc=redhat,dc=com
changetype: modify
replace: tokenType
tokenType: externalRegAddToToken
-
replace: certsToAdd
certsToAdd: 22021660,ca1,169,drm1

enroll.tps:
op=var_set name=ra_host value=pkiserver.gsslab.pnq.redhat.com
op=var_set name=ra_port value=7888
op=var_set name=ra_uri value=/nk_service
op=token_set cuid=55555555555555555551 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
op=ra_enroll uid=admin3a pwd=redhat new_pin=Secret123 num_threads=1
op=exit
tpsclient < enroll.tps
Output> Thread (0) status='0' time='40870 msec'
Result> Error - Operation 'ra_enroll' Failure (40870 msec)
Command>op=exit
Note: Increasing the TCP Recv. buffer size to 32768 doesn't help either.
Scenario-2:
Unable to enroll token using userKey profile with keysize increased to 3072.
op.enroll.userKey.keyGen.encryption.keySize=3072
op.enroll.userKey.keyGen.signing.keySize=3072
externalReg.authId=ldap3
externalReg.delegation.enable=false
externalReg.delete.deleteFromDB=false
externalReg.enable=false
Set TCP Recv. buffer size as shown below:
tps.recvBufSize=32768
tps.printBufFull=true
Restart TPS service
Create user fubar1 in Authentication DB.
dn: uid=fubar1,dc=gsslab,dc=pnq,dc=redhat,dc=com
uid: fubar1
cn: fubar1
sn: 1
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
ou: US
userPassword: redhat
mail: fubar1@example.org
st: North Carolina
l: Raleigh

$ ldapadd -x -D "cn=Directory Manager" -w redhat@123 -h localhost -f users.ldif
adding new entry "uid=fubar1,dc=gsslab,dc=pnq,dc=redhat,dc=com"

enroll.tps:
op=var_set name=ra_host value=pkiserver.gsslab.pnq.redhat.com
op=var_set name=ra_port value=7888
op=var_set name=ra_uri value=/nk_service
op=token_set cuid=66666666666666666661 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
op=ra_enroll uid=fubar1 pwd=redhat new_pin=Secret123 num_threads=1
op=exit
Enrollment fails:
Output> Thread (0) status='0' time='70697 msec'
Result> Error - Operation 'ra_enroll' Failure (70697 msec)
Command>op=exit
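The report above drives enrollment with tpsclient scripts written as lines of `op=<name> key=value ...`. As an added example that is not part of the bug report or of the Dogtag PKI code base, the following Python script parses that format and runs a few defender-side sanity checks before a script is used: that the Secure Channel keys (`auth_key`, `mac_key`, `kek_key`) are 16-byte hex values, that they are not the widely published GlobalPlatform default test key (the `4041...4f` value the report uses, appropriate only for test tokens), and that a cleartext `pwd` in `ra_enroll` is called out so the file is handled as a secret. The script format (whitespace-separated key=value pairs with `op` first), the 16-byte key length and the sample script are assumptions modelled on the lines in the report, with the host name changed to a constructed value.

```python
"""Parser and sanity checker for tpsclient op-scripts (added example).

Assumptions (not taken from the report or the Dogtag project):
  - each non-empty line is whitespace-separated key=value tokens, `op=<name>` first;
  - Secure Channel keys are 16 bytes, given as 32 hex characters;
  - 404142434445464748494a4b4c4d4e4f is the published GlobalPlatform default test key.
"""
from dataclasses import dataclass, field

GP_DEFAULT_TEST_KEY = "404142434445464748494a4b4c4d4e4f"
SECURE_CHANNEL_KEYS = ("auth_key", "mac_key", "kek_key")
CONNECTION_VARS = ("ra_host", "ra_port", "ra_uri")

# Constructed sample, modelled on the enroll.tps script in the report.
SAMPLE_SCRIPT = """\
op=var_set name=ra_host value=pkiserver.example.test
op=var_set name=ra_port value=7888
op=var_set name=ra_uri value=/nk_service
op=token_set cuid=66666666666666666661 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
op=ra_enroll uid=fubar1 pwd=redhat new_pin=Secret123 num_threads=1
op=exit
"""


@dataclass
class Op:
    name: str
    params: dict = field(default_factory=dict)


def parse_script(text):
    """Turn script text into a list of Op records; raise ValueError on malformed lines."""
    ops = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        head, sep, opname = tokens[0].partition("=")
        if head != "op" or not sep or not opname:
            raise ValueError(f"line {lineno}: expected 'op=<name>' first, got {tokens[0]!r}")
        params = {}
        for tok in tokens[1:]:
            key, sep, value = tok.partition("=")
            if not sep or not key:
                raise ValueError(f"line {lineno}: bad key=value token {tok!r}")
            params[key] = value
        ops.append(Op(opname, params))
    return ops


def check_script(ops):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not ops or ops[-1].name != "exit":
        findings.append("script does not end with op=exit")

    # Connection variables the sample script sets before enrolling.
    set_vars = {o.params.get("name"): o.params.get("value") for o in ops if o.name == "var_set"}
    for var in CONNECTION_VARS:
        if var not in set_vars:
            findings.append(f"missing var_set for {var}")

    # Last value wins for each Secure Channel key, as in a sequential script.
    seen = {}
    for o in ops:
        if o.name == "token_set":
            for key in SECURE_CHANNEL_KEYS:
                if key in o.params:
                    seen[key] = o.params[key].lower()
    for key in SECURE_CHANNEL_KEYS:
        if key not in seen:
            findings.append(f"{key} never set")
            continue
        value = seen[key]
        if len(value) != 32 or any(c not in "0123456789abcdef" for c in value):
            findings.append(f"{key} is not a 16-byte hex value")
        elif value == GP_DEFAULT_TEST_KEY:
            findings.append(f"{key} is the published GlobalPlatform default test key")

    if any(o.name == "ra_enroll" and "pwd" in o.params for o in ops):
        findings.append("ra_enroll carries a cleartext password; treat this file as a secret")
    return findings


if __name__ == "__main__":
    for finding in check_script(parse_script(SAMPLE_SCRIPT)):
        print("-", finding)
```

Run against the constructed sample, the checker reports the three default-key findings and the cleartext password; feeding it a script with a truncated key value yields a length finding instead. The parser is deliberately strict about the `op=` prefix so that a mangled line (for example one flattened by copy-paste, as in this report) fails fast rather than being silently skipped.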
Per PKI Bug Council of 06/30/2016: 10.4
Metadata Update from @nkinder: - Issue set to the milestone: UNTRIAGED
Metadata Update from @mharmsen:
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None
- Issue set to the milestone: 10.4 (was: UNTRIAGED)
Per CS/DS Meeting of August 7, 2017, it was determined to move this issue from 10.4 ==> FUTURE.
Metadata Update from @mharmsen: - Issue set to the milestone: FUTURE (was: 10.4)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1358
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)