[PATCH] first cut of tokendb management, policy, and activities
by Christina Fu
This patch is the first cut of tokendb management, policy, and
activities. It
* adds and updates token entries in the tokendb
* checks policies when necessarily (note: bug filed:
https://fedorahosted.org/pki/ticket/1085
* logs activities
Certificate related tokendb updates will be in the next patch. There may
still be a few more activities to be logged (such as pin reset, etc,
once complete.). Policy checks re ticket#1085 will be provided after
ticket 1085 is addressed.
Please review.
thanks,
Christina
10 years, 1 month
[Patch] Alternative CLI password methods
by Matthew Harmsen
Please review the attached patch which implements alternative CLI
password methods to address the following PKI TRAC ticket:
* PKI TRAC Ticket #555 - Other ways to specify CLI password
<https://fedorahosted.org/pki/ticket/555>
This patch contains two additional password implementations for Basic
Authentication ('-W <user password file>' and '-y' which allows
prompting for the user password), and one additional password
implementation for Client Authentication ('-C <client security database
password file>').
As a part of this patch, the *pki *man page was updated significantly.
Additionally, the Dogtag CLI Design Wiki
<http://pki.fedoraproject.org/wiki/CLI>was updated to reflect these
Dogtag 10.2 changes.
10 years, 1 month
[PATCH] Fix independent pkispawn installation and configuration
by Matthew Harmsen
Please review the following attached patch which addresses:
* PKI TRAC Ticket #905 - 2 Step Configuration of CA instance using
pkispawn fails <https://fedorahosted.org/pki/ticket/905>
This was tested by first "installing" a CA using the following command:
* *pkispawn -s CA -f ca-gui-install.cfg -vvv*
where 'ca-gui-install.cfg' contained the following:
[DEFAULT]
pki_admin_password=<password>
pki_client_pkcs12_password=<password>
pki_skip_configuration=True
Then, the CA was 'configured' by running the following command:
* *pkispawn -s CA -f ca-gui-config.cfg -vvv*
where 'ca-gui-config.cfg' contained the following:
[DEFAULT]
pki_admin_password=<password>
pki_client_pkcs12_password=<password>
pki_ds_password=<password>
pki_security_domain_password=<password>
pki_client_database_purge=False
pki_skip_installation=True
10 years, 1 month
RA interface import cert chain and revoke cert?
by Jana Nguyen
Hello,
I've setup the RH RA, but noticed on the End-entity page it doesn't have
the option to "Import a Certificate Chain" as well it does not have
"Certificate Revocation". As we are aware that on the CA box the
end-entity page has these features.
How do I include the functionality on the RA to display/download the
certificate chain and certificate revocation? The end user should be allow
to revoke a cert as well as download the certificate chain on the RA!
Any feedback is greatly appreciated.
10 years, 1 month