<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>looks good.  if tested to work, ack.</p>
    <p>Christina<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11/15/2016 01:57 PM, Endi Sukma
      Dewata wrote:<br>
    </div>
    <blockquote
      cite="mid:7b3623ea-4a65-e9e7-7959-ddd5e2891e23@redhat.com"
      type="cite">Due to certutil issue (bug #1393668) the installation
      code has
      <br>
      been modified to import certificates into the NSS database in
      <br>
      two steps. This workaround is needed to install subordinate CA
      <br>
      with HSM in FIPS mode.
      <br>
      <br>
      First, the certificate will be imported into the HSM using the
      <br>
      HSM password without the trust attributes. Then, the certificate
      <br>
      will be imported into the internal token using the internal token
      <br>
      password with the trust attributes.
      <br>
      <br>
      <a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/2543">https://fedorahosted.org/pki/ticket/2543</a>
      <br>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
    </blockquote>
    <br>
  </body>
</html>