Dogtag supports HSM for the CA keys. Update FreeIPA installers and management interface to support this configuration, rather than only supporting Dogtag with keys in NSS databases.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1405935 (Red Hat Enterprise Linux 7)
Metadata Update from @mkosek: - Issue assigned to someone - Issue set to the milestone: Future Releases
Metadata Update from @cheimes: - Issue assigned to cheimes (was: someone) - Issue close_status updated to: None
master:
For future reference: https://github.com/freeipa/freeipa/pull/3023 is an abandoned backport to the 4.7 branch. We decided to keep the changes in master / 4.8 for now.
Metadata Update from @cheimes: - Issue set to the milestone: FreeIPA 4.8 (was: Future Releases)
ipa-4-8:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @rcritten: - Custom field affects_doc adjusted to on - Custom field knownissue adjusted to on - Issue status updated to: Open (was: Closed)
Re-opening to track additional changes needed for full HSM support.
On second thought, I'll create a new ticket. This isn't about general HSM support but the override file.
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)