From 017f4f9d4b3c6051f082b8c2b49d5143fd8450e9 Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Mon, 10 Aug 2015 15:38:06 -0700
Subject: Ticket 1539 Unable to create ECC KRA Instance when kra admin key type
 is ECC This patch changes the relevant CA enrollment admin profiles so that
 they accept requests for EC certs. The issue actually not just affected KRA,
 it also affected other non-CA subsystems.

---
 base/ca/shared/profiles/ca/AdminCert.cfg   | 4 ++--
 base/ca/shared/profiles/ca/caAdminCert.cfg | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'base/ca')

diff --git a/base/ca/shared/profiles/ca/AdminCert.cfg b/base/ca/shared/profiles/ca/AdminCert.cfg
index a54a1b755..526d05d49 100644
--- a/base/ca/shared/profiles/ca/AdminCert.cfg
+++ b/base/ca/shared/profiles/ca/AdminCert.cfg
@@ -30,8 +30,8 @@ policyset.adminCertSet.2.default.params.range=365
 policyset.adminCertSet.2.default.params.startTime=0
 policyset.adminCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.adminCertSet.3.constraint.name=Key Constraint
-policyset.adminCertSet.3.constraint.params.keyType=RSA
-policyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.adminCertSet.3.constraint.params.keyType=-
+policyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.adminCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.adminCertSet.3.default.name=Key Default
 policyset.adminCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caAdminCert.cfg b/base/ca/shared/profiles/ca/caAdminCert.cfg
index cd2970397..f779edb0f 100644
--- a/base/ca/shared/profiles/ca/caAdminCert.cfg
+++ b/base/ca/shared/profiles/ca/caAdminCert.cfg
@@ -31,8 +31,8 @@ policyset.adminCertSet.2.default.params.range=365
 policyset.adminCertSet.2.default.params.startTime=0
 policyset.adminCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.adminCertSet.3.constraint.name=Key Constraint
-policyset.adminCertSet.3.constraint.params.keyType=RSA
-policyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.adminCertSet.3.constraint.params.keyType=-
+policyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.adminCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.adminCertSet.3.default.name=Key Default
 policyset.adminCertSet.4.constraint.class_id=noConstraintImpl
-- 
cgit