[PATCH] 198 Parameterizing RESTEasy paths.
by Endi Sukma Dewata
The paths to RESTEasy jar files have been modified such that it can
be configured globally at build time using the spec file to support
different distributions, and at deployment time using a system-wide
configuration in /etc/pki/pki.conf.
Ticket #422, #423.
--
Endi S. Dewata
11 years, 4 months
[PATCH] Implemented ability to use an external CA
by Matthew Harmsen
The attached patch addresses the following PKI issues:
* TRAC Ticket #231 - Dogtag 10: Update PKI Deployment to handle
external CA
This code has been successfully tested on a slightly earlier version of
the source tree, although the attached patch has been re-based to the
'master'.
To test this code, the following procedure was followed on an x86_64
machine running 64-bit Fedora 18:
* First, a standard CA was created to be used as an "External CA"
using the following command and file ('# mv typescript
typescript.external' once finished):
o script -c 'pkispawn -s CA -f /tmp/pki/external.cfg -vvv'
# cat external.cfg
[Common]
pki_admin_password=<password>
pki_backup_password=<password>
pki_client_pkcs12_password=<password>
pki_ds_password=<password>
pki_security_domain_password=<password>
[Tomcat]
pki_ajp_port=18009
pki_http_port=18080
pki_https_port=18443
pki_instance_name=pki-external-tomcat
pki_tomcat_server_port=18005
* Next, Step 1 for a CA which depended upon this External CA was
created using the following command and file('# mv typescript
typescript.step_1' once finished):
o script -c 'pkispawn -s CA -f /tmp/pki/ca_1.cfg -vvv'
# cat ca_1.cfg
[Common]
pki_admin_password=<password>
pki_backup_password=<password>
pki_client_pkcs12_password=<password>
pki_ds_password=<password>
pki_security_domain_password=<password>
[CA]
pki_external=True
pki_external_csr_path=/tmp/pki/ca_signing.csr
* Next, the CSR contained in the file '/tmp/pki/ca_signing.csr' was
utilzed to create a certificate using the "External CA" using the
following procedure:
o External CA:
EE: Enrollment/Renewal Tab
* Use 'Manual Certificate Manager Signing Certificate
Enrollment'
AGENT: Approve request by pressing 'submit'
EE: Retrieval Tab
* Use 'Check Request Status' to obtain the base 64
encoded certificate
* Store this blob into the file specified by the value
of 'pki_external_ca_cert_path'in ca_2.cfg
EE: Retrieval Tab
* Use 'Import CA Certificate Chain' and select the
radio button entitled 'Display certificates in the CA
certificate chain for
importing individually into a server' to obtain the
base 64 encoded certificate chain
* Store this blob into the file specified by the value
of 'pki_external_ca_cert_chain_path'in ca_2.cfg
* Finally, Step 2 for a CA which depended upon this External CA was
created using the following command and file('# mv typescript
typescript.step_2' once finished):
o script -c 'pkispawn -s CA -f /tmp/pki/ca_2.cfg -vvv'
# cat ca_2.cfg
[Common]
pki_admin_password=<password>
pki_backup_password=<password>
pki_client_pkcs12_password=<password>
pki_ds_password=<password>
pki_security_domain_password=<password>
[CA]
pki_external=True
pki_external_ca_cert_chain_path=/tmp/pki/ca_signing_chain.cert
pki_external_ca_cert_path=/tmp/pki/ca_signing.cert
pki_external_step_two=True
11 years, 4 months
[PATCH] 197 Archiving default deployment configuration.
by Endi Sukma Dewata
The default deployment configuration has been renamed and moved to
/etc/pki/default.cfg to make it more accessible to users. The pkispawn
has been modified to archive the default deployment configuration
along with the user-provided configuration in the registry. The
pkidestroy will now use both archived configuration files to ensure
proper removal of the subsystem.
Ticket #399
--
Endi S. Dewata
11 years, 4 months
[PATCH] 95 use interpolation to build default parameters
by Ade Lee
Use interpolation to build default parameters
This patch replaces the code in pkiparser with defaults that are
built up using ConfigParser interpolation. The patch gets most
(but not all) default parameters.
Please review.
Ade
11 years, 4 months
[PATCH] 184 I18n for ProfileList.template.
by Endi Sukma Dewata
The messages in ProfileList.template in CA EE has been extracted
into a properties file which can be translated separately.
The original messages in the template have been marked as follows:
<span class="message" name="...key...">...message...</span>
When the page is loaded into the browser, the original message will
be replaced with the translated message.
Ticket #406
--
Endi S. Dewata
11 years, 4 months
[PATCH] 192 Removed RA and TPS theme packages.
by Endi Sukma Dewata
The RA and TPS theme packages are no longer necessary due to the
reorganization of the theme files. The build and deployment
scripts have been updated accordingly.
Ticket #407
--
Endi S. Dewata
11 years, 4 months
[PATCH] 191 Reorganized TPS CSS files.
by Endi Sukma Dewata
The CSS files for TPS have been moved into the server theme package.
All references have been modified accordingly.
--
Endi S. Dewata
11 years, 4 months
