This issue was migrated from Pagure Issue #3064.Originally filed by mharmsen on 2018-09-21
Steps to Reproduce:
1. Setup CA and KRA with ECC
2. Add the following parameters to KRAs CS.cfg
kra.allowEncDecrypt.archival=true
kra.allowEncDecrypt.recovery=true
kra.legacyPKCS12=false
3. request a client certificate using the following command:
pki -v -d /tmp/nssdb/ -c SECret.123 client-cert-request CN=foo1
--profile caSigningUserCert --type crmf --algorithm ec --curve nistp256
Here the caSigningUserCert is used because caSigningECUserCert is not enabled by default. I have used the workaround where first stop the CA, put the contents of caSigningECUserCert into caSigningUserCert since the system does not let me enable caSigningECUserCert and then restart CA
Actual results:
The command fails with NullPointerException
Expected results:
The client-cert-request should succeed
Additional info:
By default the caSigningECUserCert profile should be enabled for ECC installation to be
used for CRMF requests
This issue was migrated from Pagure Issue #3064.Originally filed by mharmsen on 2018-09-21
Steps to Reproduce:
Here the caSigningUserCert is used because caSigningECUserCert is not enabled by default. I have used the workaround where first stop the CA, put the contents of caSigningECUserCert into caSigningUserCert since the system does not let me enable caSigningECUserCert and then restart CA
Actual results:
Expected results:
Additional info: