dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0

Support for ECC / Project Status #2894

Closed pki-bot closed 3 years ago

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #2774. Originally filed by kaspro (@kaspro) on 2017-07-02 00:46:44:


Hello together, I wanted to ask what the status of this project, and as well of its ECC support, is. In Germany it's not even possible to get the Red Hat supported version of this anymore, and it seems that most ECC-related issues (e.g. https://pagure.io/dogtagpki/issue/2574 isn't only a 'shared instance issue', and I get the same issue on OCSP: "com.netscape.certsrv.base.PKIException: Error in setting certificate names and key sizes: java.lang.ClassCastException: org.mozilla.jss.pkcs11.PK11ECPublicKey cannot be cast to java.security.interfaces.RSAPublicKey") are not even getting assigned.

I'd appreciate an honest opinion - does it make sense to build on dogtag/RHCS at all, or is it wiser to look for something else, with my issues as above?

Thanks a lot in advance, Chris

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-07-05 12:24:49

Metadata Update from @mharmsen:

pki-bot commented 3 years ago

Comment from cfu (@cfu) at 2017-07-05 17:44:04

Hi, I have not tried "shared tomcat instances" so I cannot speak for that. However, I have very recent success in installing ECC CA/KRA/OCSP as separate Tomcat instances (all on the same box). The ECC CA is able to handle ECC CRMF requests successfully. Keys appear to be archived and recovered successfully to and from the ECC KRA as well. I did not have a chance to test out the ECC OCSP server yet, but it did install without a glitch.

If there is no compelling reason why "shared instance" has to be deployed, would you like to try installing them as separate instances?

pki-bot commented 3 years ago

Comment from kaspro (@kaspro) at 2017-07-15 23:03:18

Hi and thanks for your comment, but I actually decided that it won't make sense for me to go with this software, for the reasons of activity, support and availability...

Cheers, Chris

pki-bot commented 3 years ago

Comment from cfu (@cfu) at 2017-09-28 13:51:01

Since separate Tomcat instances work, and the shared Tomcat instance already has a ticket, I'm closing this bug.

pki-bot commented 3 years ago

Comment from cfu (@cfu) at 2017-09-28 13:51:01

Metadata Update from @cfu:

pki-bot commented 3 years ago

Comment from vakwetu (@vakwetu) at 2017-09-28 17:06:28

Metadata Update from @vakwetu:

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2017-10-09 20:00:23

Metadata Update from @mharmsen: