I want another help from you. How can I change the "Maximum number of intermediate CAs: unlimited" value.Dear Dinesh,On Friday, May 22, 2020, 10:57:45 AM GMT+5:30, Nadeera Galagedara <nadeeragalagedara@yahoo.com> wrote:Dear Dinesh,That is a great explanation. That problem that problem is also solved. Again thank you.On Wednesday, May 20, 2020, 08:27:56 PM GMT+5:30, Dinesh Prasanth Moluguwan Krishnamoorthy <dmoluguw@redhat.com> wrote:Hi Nadeera,I'm glad I could resolve your issues.As for the friendly/nickname, these names are customizable based on the system you use and are not specified during the certificate issuance.For instance, when you specified "pki_ca_signing_nickname=mycompany_nickname" this nickname was used to import the CA system certificate in your PKI server's NSSDB. You can view this by doing `certutil -L -d /etc/pki/pki-tomcat/alias` and you should see the mycompany_nickname listed.I have very limited knowledge of handling certificates in windows. From Googling around: you can try to right-click on the certificate -> Properties -> "general" tab -> Set "Friendly Name".HTHRegards,--DineshOn Wed, May 20, 2020 at 3:28 AM Nadeera Galagedara <nadeeragalagedara@yahoo.com> wrote:Dear Dinesh,Thank you for your support and it is been very helpful. I am using Centos 7 and the version came with it is 10.5. I am using that version. I think I have corrected the country (with c=LK). But I still have a problem with the nickname.I used the pki_ca_signing_nickname=mycompany_nickname line but still the friendly name show on windows PC (I have imported the issued certificate to a windows PC) format like <Common Name>'s <Organisation> ID. My requirement is to show the the Friendly Name (shows as in Windows PC) as "mycompany_nickname " I have attached a screenshot also. Please tell me what did I do wrong.The full config is mentioned belowStep 1[CA]pki_admin_email=mycompany@abc.lkpki_admin_name=caadminpki_admin_nickname=caadminpki_admin_password=Secret.123pki_admin_uid=caadminpki_client_database_password=Secret.123pki_client_database_purge=Falsepki_client_pkcs12_password=Secret.123pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lkpki_ds_database=ca2pki_ds_password=Secret.123pki_security_domain_name=mycompany_domainpki_token_password=Secret.123pki_external=Truepki_external_step_two=Falsepki_ca_signing_subject_dn=cn=mycompany_cn,ou=mycompany_ou,o=mycompany_o,c=LKpki_ca_signing_csr_path=ca_signing.csrpki_ca_signing_nickname=mycompany_nicknamepki_default_ocsp_uri=http://ocsp.mycompany.lkStep 2[CA]pki_admin_email=mycompany@abc.lkpki_admin_name=caadminpki_admin_nickname=caadminpki_admin_password=Secret.123pki_admin_uid=caadminpki_client_database_password=Secret.123pki_client_database_purge=Falsepki_client_pkcs12_password=Secret.123pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lkpki_ds_database=ca2pki_ds_password=Secret.123pki_security_domain_name=mycompany_domainpki_token_password=Secret.123pki_external=Truepki_external_step_two=Truepki_ca_signing_csr_path=ca_signing.csrpki_ca_signing_cert_path=ca_signing.crtpki_ca_signing_nickname=mycompany_nicknamepki_default_ocsp_uri=http://ocsp.mycompany.lkThank you and best regards,Nadeera.On Wednesday, May 20, 2020, 03:29:15 AM GMT+5:30, Dinesh Prasanth Moluguwan Krishnamoorthy <dmoluguw@redhat.com> wrote:Hi Nadeera,What version of dogtag PKI are you trying to install? You are referring to PKI 10.5 docs. The latest release is 10.8.3If you are using the latest packages, our docs are available in our upstream repo: https://github.com/dogtagpki/pki/tree/v10.8/docs(see inline reply)On Tue, May 19, 2020 at 9:22 AM Nadeera Galagedara <nadeeragalagedara@yahoo.com> wrote:Dear all,I am new to dogtag and I am installing a sub ca using the method described in https://www.dogtagpki.org/wiki/PKI_10.5_Installing_CA_with_External_CA_Signing_Certificate . I want to know.1) What is the parameter to change the Friendly NameWe do not use "Friendly Name". Instead, we use "nickname"To configure the nickname for CA signing certificate use:pki_ca_signing_nickname=
2) What is the parameter to change the Country/LocalityThis is set using subject dn. So, in your case specify the Country using this attribute: pki_ca_signing_subject_dn=3) Where (a page link ) I can find details about each of this configuration parameters.I don't have a page that explains all the config parameters. But, I do have a page that can give you a list of parameters that you can use (since you mentioned 10.5, I'm listing the contents of 10.5 branch. Refer to the appropriate branch for an updated list)HTHRegards,--Dinesh_______________________________________________Thank you.
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel