Missing authority ID in LWCA signing audit events. #2959
Milestone
Comments
|
Comment from mharmsen (@mharmsen) at 2017-10-31 16:43:23 Metadata Update from @mharmsen:
|
|
Comment from mharmsen (@mharmsen) at 2017-11-09 14:06:39 Per PKI Team Meeting of 20171109: Future |
|
Comment from mharmsen (@mharmsen) at 2017-11-09 14:06:42 Metadata Update from @mharmsen:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue was migrated from Pagure Issue #2839. Originally filed by edewata (@edewata) on 2017-10-23 17:18:45:
Ticket 2654 added new signing info audit events at startup time to record which keys will be used by each CA (i.e. host CA or LWCA) for cert and OCSP signing later. However, at the actual cert or OCSP signing itself, the current audit event does not indicate which LWCA actually does the signing so the key cannot be determined. To fix the problem, the cert and OCSP signing events for LWCA should be modified to include the LWCA ID (i.e. authority ID).
Cert signing:
pki/base/ca/src/com/netscape/ca/CAService.java
Line 862 in e16be80
OCSP signing:
pki/base/ca/src/com/netscape/ca/CertificateAuthority.java
Line 2437 in e16be80
pki/base/server/cms/src/com/netscape/cms/ocsp/DefStore.java
Line 406 in e16be80
pki/base/server/cms/src/com/netscape/cms/ocsp/LDAPStore.java
Line 353 in e16be80
The text was updated successfully, but these errors were encountered: