Method to Include SKI in CA Signing Certificate Request - Githubissues

dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.

https://www.dogtagpki.org

GNU General Public License v2.0

368 stars 136 forks source link

Method to Include SKI in CA Signing Certificate Request #2974

Closed pki-bot closed 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #2854. Originally filed by mharmsen (@mharmsen) on 2017-11-22 14:45:02:

Closed at 2018-12-18 04:10:50 as fixed
Assigned to ftweedal (@frasertweedale)
Associated bugzillas
- https://bugzilla.redhat.com/show_bug.cgi?id=1491453

Request ability to generate CA signing certificate PKCS10 requests that include the subject key identifier (SKI) in them.

Some considerations:

Include a pkispawn configuration option that will include the SKI in the CA signing certificate request.
After the CA is built, include a method to generate a new CA signing certificate request, using the same key pair, and include the SKI in the request; maybe something using the pki command or some other Dogtag commands.

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-11-22 14:45:46

Metadata Update from @mharmsen:

Custom field component adjusted to None
Custom field feature adjusted to None
Custom field origin adjusted to None
Custom field proposedmilestone adjusted to None
Custom field proposedpriority adjusted to None
Custom field reviewer adjusted to None
Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1491453
Custom field type adjusted to None
Custom field version adjusted to None
Issue assigned to frasertweedale
Issue priority set to: critical
Issue set to the milestone: 10.5

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2018-01-18 16:54:37

Per PKI Team Meeting of 20180118 moving to 10.6

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2018-01-18 16:54:38

Metadata Update from @mharmsen:

Issue set to the milestone: 10.6 (was: 10.5)

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2018-05-24 20:18:01

Required NSS changes have landed upstream. See https://bugzilla.mozilla.org/show_bug.cgi?id=430198 for details. Hopefully it will not be too much longer and we can finally fix this in Dogtag.

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2018-12-06 08:37:45

PR for Dogtag 10.6: https://github.com/dogtagpki/pki/pull/114

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2018-12-17 01:04:01

Pushed to master:

24c2eb44d200ec6dbdf253e14ef697e09e1fd560 install: add pkispawn option for adding SKI to CSR
8bf682a9e39a7963d5e3bf50b81580839c2e11c4 install: support adding Subject Key ID to CSR

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2018-12-18 04:10:51

Closing this now, although backport to dogtag 10.5 may be non-trivial.

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2018-12-18 04:10:51

Metadata Update from @frasertweedale:

Issue close_status updated to: fixed
Issue status updated to: Closed (was: Open)