12:07 p.m.
We have a Safenet token (known as eToken) with the private key and
certificate installed.
I need to renew the expired certificates without generating a new private
key( thats what we call as renewal). The problems is that certificate on
these Tokens were expired, so i cannot really use the 'renewal process'. Is
there a way i can use the 'expired' certificate for renewal.
I was not able to generate new CSR from the private key on the Token. I
tried 'openssl req' with PKCS11 engine option and not been successful.
I do have access to the old CSR in two forms:
- one set of requests were in crmf format.I was able to issue new
certificate for these requests.
- one set of requests were in keygen<
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen> format:
This i am not sure how can i make dogtag pki certificate profile to accept
it.
Appreciate your help.
1:30 p.m.
The "Renewal: Renew certificate to be manually approved by agents" on
the EE Enrollment/Renewal profile list (last one on the list, by
default) is supposed to allow you to renew expired certs. Did you try that?
Christina
On 04/21/2014 10:07 AM, Dhiva wrote:
We have a Safenet token (known as eToken) with the private key and
certificate installed.
I need to renew the expired certificates without generating a new
private key( thats what we call as renewal). The problems is that
certificate on these Tokens were expired, so i cannot really use the
'renewal process'. Is there a way i can use the 'expired' certificate
for renewal.
I was not able to generate new CSR from the private key on the Token.
I tried 'openssl req' with PKCS11 engine option and not been successful.
I do have access to the old CSR in two forms:
- one set of requests were in crmf format.I was able to issue new
certificate for these requests.
- one set of requests were in
keygen<https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keyge...
format: This i am not sure how can i make dogtag pki certificate
profile to accept it.
Appreciate your help.
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
1:32 p.m.
I haven't. Let me try that. Thats 1 way to start.
thanks
dhiva
On Mon, Apr 21, 2014 at 11:30 AM, Christina Fu <cfu(a)redhat.com> wrote:
The "Renewal: Renew certificate to be manually approved by
agents" on the
EE Enrollment/Renewal profile list (last one on the list, by default) is
supposed to allow you to renew expired certs. Did you try that?
Christina
On 04/21/2014 10:07 AM, Dhiva wrote:
We have a Safenet token (known as eToken) with the private key and
certificate installed.
I need to renew the expired certificates without generating a new private
key( thats what we call as renewal). The problems is that certificate on
these Tokens were expired, so i cannot really use the 'renewal process'. Is
there a way i can use the 'expired' certificate for renewal.
I was not able to generate new CSR from the private key on the Token. I
tried 'openssl req' with PKCS11 engine option and not been successful.
I do have access to the old CSR in two forms:
- one set of requests were in crmf format.I was able to issue new
certificate for these requests.
- one set of requests were in keygen<
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen> format:
This i am not sure how can i make dogtag pki certificate profile to accept
it.
Appreciate your help.
_______________________________________________
Pki-devel mailing
listPki-devel@redhat.comhttps://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
4211
days inactive
4211
days old
2 comments
2 participants
participants (2)
-
Christina Fu -
Dhiva