Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkispawn: make subject_dn defaults unique per instance name (for shared HSM) #2566

Closed
pki-bot opened this issue Oct 3, 2020 · 5 comments
Closed

pkispawn: make subject_dn defaults unique per instance name (for shared HSM) #2566

pki-bot opened this issue Oct 3, 2020 · 5 comments
Labels
Closed: Fixed
Milestone
10.3.6

Comments

@pki-bot
Copy link

pki-bot commented Oct 3, 2020

This issue was migrated from Pagure Issue #2446. Originally filed by cfu (@cfu) on 2016-08-25 01:44:37:

When installing multiple instances on the same host sharing the same HSM, if subject_dn's are not specifically spelled out with unique names for each instance, installation will fail with complaints that same subject name and serial number already exist.
This happens in the scenario if you are creating a subordinate CA, for example, that's in the same domain name as the root CA. It is very inconvenient that you are expected to spell out subject dn's of all system certs in the pkispawn config file.
I think it would be much more convenient if we change default.cfg so that the instance name is in the default subject dn, e.g. adding it as an "ou" component:
ou=%(pki_instance_name)s
@pki-bot pki-bot added this to the 10.3.6 milestone Oct 3, 2020
@pki-bot pki-bot closed this as completed Oct 3, 2020
@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2016-08-25 01:45:51

fix with instance name added as "ou" component in all default subject dn's
default.cfg.subjectDNfix

@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2016-08-31 21:21:42

Per PKI Bug Council of 08/31/2016: 10.3.6

@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2016-09-01 02:00:36

Pushed to master:
commit 1195ee9

@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2016-09-07 23:22:44

Cherry-picked into DOGTAG_10_3_BRANCH:

From 1d1b3a7 Mon Sep 17 00:00:00 2001
From: Christina Fu cfu@dhcp-16-189.sjc.redhat.com
Date: Wed, 31 Aug 2016 14:03:02 -0700
Subject: [PATCH 02/10] Ticket 2446 pkispawn: make subject_dn defaults unique
per instance name (for shared HSM) When installing multiple instances on the
same host sharing the same HSM, if subject_dn's are not specifically spelled
out with unique names for each instance, installation will fail with
complaints that same subject name and serial number already exist. This
happens in the scenario if you are creating a subordinate CA, for example,
that's in the same domain name as the root CA. It is very inconvenient that
you are expected to spell out subject dn's of all system certs in the
pkispawn config file. This patch changes default.cfg so that the instance
name is in the default subject dn, e.g. adding it as an "ou" component:
ou=%(pki_instance_name)s

(cherry picked from commit 1195ee9)

@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2017-02-27 14:04:45

Metadata Update from @cfu:

  • Issue assigned to cfu
  • Issue set to the milestone: 10.3.6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Closed: Fixed
Projects
None yet
Milestone
10.3.6
Development

No branches or pull requests
1 participant
@pki-bot