RHEL-4807

[RFE] Support in IPA for HSM boxes

    • ipa-4.12.0-1.el9
    • None
    • 3
    • rhel-sst-idm-ipa
    • ssg_idm
    • 15
    • 22
    • 5
    • QE ack, Dev ack
    • False
    • Yes
    • 2024-Q2-Bravo-S6, 2024-Q3-Bravo-S1, 2024-Q3-Bravo-S2
    • Feature
    • Feature, enhancement (describe the feature or enhancement from the user’s point of view): IPA has added support for the two Hardware Security Modules (HSM) that the Red Hat Certificate System supports to store the CA and KRA private keys and certificates. This relies on the networking features of the HSM to share the keys between machines to create replicas.
      Reason (why has the feature or enhancement been implemented): This adds physical security to the private key material.
      Result (what is the current user experience): An HSM provides additional security without visibly affecting most IPA operations. When using low-level tooling the certificates and keys will be addressed differently but this will be seamless for most users.
    • None

      Description of problem:
      Large organizations have to use HSM boxes for CA certs due to company policy or regulatory requirements.

      Upstream Dogtag comes with HSM support.

      Version-Release number of selected component (if applicable):
      4.4.x

      How reproducible:

      Steps to Reproduce:
      1.
      2.
      3.

      Actual results:

      Expected results:

      Support for HSM Boxes

      Additional info:

              rhn-engineering-rcrit Rob Crittenden
              ldelouw@redhat.com Luc De Louw (Inactive)
              Rob Crittenden
              Rizwan Shaikh
              Louise McGarry
              Votes: 0
              Watchers: 33