Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Major
Fix Version/s: 25Q4
Affects Version/s: None
Component/s: None
Labels:
None

Story Points:
5
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Affects Testing:

Testable
Dev Approval:
?
PM Approval:
?
AssignedTeam:
rhel-cockpit
QE Approval:
?
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

From RHELMISC-11973, our certificate generation still hardcodes to RSA, for full PQ we need to generate two certificate pairs, one RSA and one PQ. PQ can be generated with:

openssl req \
    -x509 \
    -newkey mldsa65 \
    -keyout localhost-mldsa.key \
    -subj /CN=localhost \
    -addext subjectAltName=DNS:localhost \
    -days 30 \
    -nodes \
    -out localhost-mldsa.crt

sscg at the moment does not support post quantum certificate generation.

Our webserver also has to support loading multiple certificates to such as the openssl server example

openssl s_server \
    -cert localhost-mldsa.crt -key localhost-mldsa.key \
    -dcert localhost-rsa.crt -dkey localhost-rsa.key

is blocked by

RHEL-123675 Update to SSCG 4.0

In Progress

COCKPIT-1330 Drop TLS support from cockpit-ws

To Do

Assignee:: Unassigned

Reporter:: Jelle van der Waa

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/08/20 3:29 PM

Updated:: 2025/10/23 4:33 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates