Re-enroll of a smartcard token does not revoke the original certificates on the token #2665

Closed
pki-bot opened this issue Oct 3, 2020 · 3 comments

pki-bot commented Oct 3, 2020

This issue was migrated from Pagure Issue #2545. Originally filed by rpattath (@rpattath) on 2016-11-16 19:19:44:


Re-enroll of a smartcard token does not revoke the original certificates on the
token

Steps to Reproduce:

1. Using the default TPS CS.cfg, re-enroll a token

Actual results:

The original certificates on the smartcard are not revoked, new certificates
are issued for the token

Expected results:

The original certificates on the smartcard must be revoked, new certificates
are issued for the token

Additional info:

debug log file attached to associated Bugzilla Bug

pki-bot added this to the 10.4.0 milestone Oct 3, 2020
pki-bot closed this as completed Oct 3, 2020

pki-bot commented Oct 3, 2020

Comment from cfu (@cfu) at 2016-11-19 02:03:51

You said "Using the default TPS CS.cfg", and you did not say anything about setting the token policy.
The default token policy is:
tokendb.defaultPolicy=RE_ENROLL=YES;RENEW=NO;FORCE_FORMAT=NO;PIN_RESET=NO;RESET_PIN_RESET_TO_NO=NO

By default "FORCE_FORMAT=NO", which means that during re-enrollment the token is not formatted; and if it is not formatted, it would not follow the rules set by
op.format..revokeCert=true

So unless I missed something, it seems to be behaving exactly as expected.

I'm setting this bug to Invalid; you can change it again if I did miss something. And if so, please explain in more detail with more specific relevant configuration.
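
The policy check described in the comment above, as an added Python example (not part of the issue thread and not the project's own code): it parses a CS.cfg excerpt and reports when re-enrollment will skip the format-time revocation rule. The sample config is constructed, EXAMPLE_TOKEN_TYPE is a placeholder, and treating a missing FORCE_FORMAT as "not YES" is an assumption.

```python
import re

# Constructed CS.cfg excerpt. The policy line is the default quoted in the
# comment above; EXAMPLE_TOKEN_TYPE is a placeholder, not a real profile name.
SAMPLE_CS_CFG = """\
# constructed sample
tokendb.defaultPolicy=RE_ENROLL=YES;RENEW=NO;FORCE_FORMAT=NO;PIN_RESET=NO;RESET_PIN_RESET_TO_NO=NO
op.format.EXAMPLE_TOKEN_TYPE.revokeCert=true
"""

# Matches any format-operation revokeCert key, whatever sits in the middle.
FORMAT_REVOKE = re.compile(r"^op\.format\..*revokeCert$")


def parse_cfg(text):
    """Return key -> value for each 'key=value' line, split on the first '='."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def parse_policy(value):
    """Split 'A=YES;B=NO' into {'A': 'YES', 'B': 'NO'}, upper-cased."""
    policy = {}
    for item in value.split(";"):
        name, sep, flag = item.partition("=")
        if sep:
            policy[name.strip().upper()] = flag.strip().upper()
    return policy


def audit_reenroll_revocation(text):
    """Return (policy, findings) for the re-enroll/revocation mismatch."""
    cfg = parse_cfg(text)
    policy = parse_policy(cfg.get("tokendb.defaultPolicy", ""))
    findings = []
    # Assumption: an absent FORCE_FORMAT is treated the same as FORCE_FORMAT=NO.
    if policy.get("RE_ENROLL") == "YES" and policy.get("FORCE_FORMAT") != "YES":
        findings.append("re-enroll allowed without FORCE_FORMAT=YES: token is not formatted")
        for key, value in cfg.items():
            if FORMAT_REVOKE.match(key) and value.lower() == "true":
                findings.append(f"{key}=true is a format rule and is not applied on re-enroll")
    return policy, findings
```
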


pki-bot commented Oct 3, 2020

Comment from rpattath (@rpattath) at 2017-02-27 14:00:14

Metadata Update from @rpattath:

  • Issue set to the milestone: 0.0 NEEDS_TRIAGE


pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2017-03-14 18:52:52

Metadata Update from @mharmsen:

  • Custom field feature adjusted to ''
  • Custom field proposedmilestone adjusted to ''
  • Custom field proposedpriority adjusted to ''
  • Custom field reviewer adjusted to ''
  • Custom field version adjusted to ''
  • Issue close_status updated to: invalid (was: Invalid)
  • Issue set to the milestone: 10.4.0 (was: 0.0 NEEDS_TRIAGE)
