[Pki-devel] [PATCH] 827 Added support to create system certificates in different tokens.
Endi Sukma Dewata
edewata at redhat.com
Thu Sep 1 15:04:08 UTC 2016
I think if you search for the usage of CryptoToken.login(), it's done at the beginning of configuration servlet (SystemConfigService) and in the beginning of server startup (JssSubsystem). TomcatJSS might also do the same thing (I haven't checked the code).
This patch doesn't change the order of token login and the certificate creations. It mainly changes how the tokenname parameters are initialized. Previously it's done by the configuration servlet but with the wrong value. Now it's done in pkispawn with the correct value.
--
Endi S. Dewata
----- Original Message -----
>
>
> I'm less familiar with the area, so I'm just going to ask a question. Where
> in the new code does it handle taking in passwords and logging into the
> extra token(s)?
>
>
> thanks,
>
> Christina
>
> On 08/31/2016 12:35 PM, Endi Sukma Dewata wrote:
>
>
> Previously all system certificates were always created in the same
> token specified in the pki_token_name parameter.
>
> To allow creating system certificates in different tokens, the
> configuration.py has been modified to store the system certificate
> token names specified in pki_<cert>_token parameters into the
> CS.cfg before the server is started.
>
> After the server is started, the configuration servlet will read
> the token names from the CS.cfg and create the certificates in the
> appropriate token.
>
> https://fedorahosted.org/pki/ticket/2449
>
>
>
> _______________________________________________
> Pki-devel mailing list Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list