April 2015 - Pki-devel - Dogtag Pki List Archives

[PATCH] 567 Added upgrade script to fix instance work folder ownership.

by Endi Sukma Dewata

The <instance>/work/Catalina/localhost/pki folder is owned by root in Dogtag 10.0.x and pkiuser in the latest code. The script will fix the ownership during upgrade. https://fedorahosted.org/pki/ticket/802 -- Endi S. Dewata

9 years

1
1
0 / 0

[PATCH] 565 Fixed problem deleting newly created TPS profiles.

by Endi Sukma Dewata

All TPS services have been fixed to set the default status of a new record to Disabled if the client does not provide the initial status. This will ensure a newly created profile to always have a status so it can be deleted normally. https://fedorahosted.org/pki/ticket/1273 -- Endi S. Dewata

9 years

1
1
0 / 0

[PATCH] 564 Fixed problem with TPS profile status.

by Endi Sukma Dewata

The base class of ProfileDatabase (i.e. CSCfgDatabase) has been modified to return the correct default value (i.e. Enabled) if the status parameter doesn't exist. The TPSProcessor has been modified to use ProfileDatabase, and other TPS codes have also been changed to use constants instead of string literals to ensure consistency. https://fedorahosted.org/pki/ticket/1270 -- Endi S. Dewata

9 years

1
2
0 / 0

[PATCH] 566 Fixed incorrect link in TPS UI.

by Endi Sukma Dewata

The "Subsystem Connections" link in the home.html has been fixed to point to #connectors. https://fedorahosted.org/pki/ticket/1274 Pushed to master and 10.2 branch under one-liner/trivial rule. -- Endi S. Dewata

9 years

1
0
0 / 0

[PATCH] 563 Added interface to show TPS token certificates.

by Endi Sukma Dewata

The TPS REST service, CLI, and UI have been modified to provide an interface to search for certificates belonging to a token. https://fedorahosted.org/pki/ticket/1143 -- Endi S. Dewata

9 years

1
2
0 / 0

assorted sub-CA use case questions

by Fraser Tweedale

Hi Christina, The following questions emerged in recent discussions and work on sub-CAs. Your responses will be helpful in working out what work is needed, and when. *OCSP signing* Currently sub-CAs sign OCSP responses with the CA signing certificate, rather than using the CA cert to sign an OCSP signing cert and delegating OCSP signing to it. Question : do you expect customers who use sub-CAs will want to be able to choose whether sub-CAs have OCSP signing delegate? If so, how fine-grained should the control be (instance-wide config, per-subCA, etc?), and can this feature be deferred (i.e. is OCSP signing directly by CA acceptable for initial release of sub-CAs)? *Sub-CA DNs* There is currently no check that a sub-CA's DN is unique. Question : should we enforce CA DN uniqueness within the Dogtag instance? *Sub-CA certificate profile* Currently sub-CA certificates are created using the `caCert' profile (the same profile that is used for the self-signed root certificate). Question : how much control over aspects of the sub-CA certificates will customers need or want? (e.g. validity period, pathLenConstraint, nonstandard extensions, etc). Is using the `caCert' profile defaults fine for the initial release? Look forward to your input. Cheers, Fraser

9 years

2
3
0 / 0

[PATCH] 562 Fixed missing port error during installation.

by Endi Sukma Dewata

During installation the server generates an exception in the debug log due to a missing port. This exception is considered a normal behavior during installation since the port will be supplied at a later step, so the code has been changed to display a notification instead of a stack trace. https://fedorahosted.org/pki/ticket/1293 -- Endi S. Dewata

9 years

2
3
0 / 0

EMV CPS 1.1 support

by Javier Gallart

Hello sorry for posting twice, but I think this is the proper list for this question: "we're working with G&D SmartCafe 3.2 cards and trying to integrate them with Dogtag. They use the EMV CPS 1.1 key derivation protocol for obtaining the session keys in a Secure Channel establishment (SCP02). Is the any plan to include it in Dogtag?. If not, would a patch implementing it be considered?" Thanks in advance Javi

9 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel April 2015