Re: [Pki-users] ESC and Microsoft CSP
by John Magne
Check to see if you have something in
the following registry key:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/CoolKey PKCS#11 CSP
If not perhaps you are running with an older test version of the CS product that did not install the CSP.
Upgrading the client to CS 7.3 or 8.0 should do the trick.
----- Original Message -----
From: "Chris Brown" <cjbrown(a)mitre.org>
To: pki-users(a)redhat.com
Sent: Thursday, August 27, 2009 5:41:36 AM GMT -08:00 US/Canada Pacific
Subject: [Pki-users] ESC and Microsoft CSP
All,
According to the documentation, when the ESC is installed the corresponding CSP is also installed. Also, the smartcard keys should show up in the CAPI personal store automatically when the card is inserted. I am not seeing this behavior, so the smartcard is not available to applications which rely on CAPI. Has anyone else observed this? How could I debug?
SMART CARD DIAGNOSTICS REPORT
***Software Version Information***
Smart Card Manager Version: 1.1.0-0
System Versions: mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.8.0.4) gecko/20071025
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
15 years, 3 months
Re: Pki-users Digest, Vol 18, Issue 6
by Rashmi Pawar
Hi Chandrasekar,
Thank you for your reply.
One quick question..As you said i dont need to install and run Apache
if pki-tps and pki-ra subsystems are not installed...My question is even if
i am not installing pki-ra and pki-tps subsystems can i still go with
apache?
Regards,
Rashmi Pawar
On Sun, Aug 30, 2009 at 9:30 PM, <pki-users-request(a)redhat.com> wrote:
> Send Pki-users mailing list submissions to
> pki-users(a)redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.redhat.com/mailman/listinfo/pki-users
> or, via email, send a message with subject or body 'help' to
> pki-users-request(a)redhat.com
>
> You can reach the person managing the list at
> pki-users-owner(a)redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pki-users digest..."
>
>
> Today's Topics:
>
> 1. Dogtag Installation on FC6 (Rashmi Pawar)
> 2. Re: Dogtag Installation on FC6 (Chandrasekar Kannan)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 30 Aug 2009 13:42:01 +0530
> From: Rashmi Pawar <rashmeepawar(a)gmail.com>
> Subject: [Pki-users] Dogtag Installation on FC6
> To: pki-users(a)redhat.com
> Message-ID:
> <816962df0908300112t6ca5b2at2b79ae587ba32d98(a)mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi
>
> I am new to the Dogtag Certificate system. I have to install the dogtag
> certificate system on fedora core 6. I would appreciate help from pki-users
> who have successfully installed and are runing dogtag certificate system on
> linux.
> I read the explanantion on dogtag on
> http://pki.fedoraproject.org/wiki/PKI_Main_Page yet I have some questions
> before starting the installation. Following are the questions:
>
> 1. Do I have to install and run Apache service on the system on which I am
> going to implement dogtag?
> 2. I am confused about the configuration of all the PKI subsystems like
> CA,RA,DRM...etc. In the http://pki.fedoraproject.org/wiki/PKI_Main_Pagethe
> configuration of all subsyems is given but I dont understand from where do
> I
> get the configuration URL for each subsystem.
> 3. I have to integrate the setup with Checkpoint, so need steps on the
> integration.
>
> I would appreciate if someone who has implemented dogtag would provide me
> easy steps to install dogtag on fedora core 6.
>
> Thanks & Regards,
> Rashmi
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://www.redhat.com/archives/pki-users/attachments/20090830/86c17a72/a...
>
> ------------------------------
>
> Message: 2
> Date: Sun, 30 Aug 2009 07:30:03 -0700
> From: Chandrasekar Kannan <ckannan(a)redhat.com>
> Subject: Re: [Pki-users] Dogtag Installation on FC6
> To: Rashmi Pawar <rashmeepawar(a)gmail.com>
> Cc: pki-users(a)redhat.com
> Message-ID: <4A9A8CEB.1080404(a)redhat.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 08/30/2009 01:12 AM, Rashmi Pawar wrote:
> > Hi
> > I am new to the Dogtag Certificate system. I have to install the
> > dogtag certificate system on fedora core 6. I would appreciate help
> > from pki-users who have successfully installed and are runing dogtag
> > certificate system on linux.
> > I read the explanantion on dogtag on
> > http://pki.fedoraproject.org/wiki/PKI_Main_Page yet I have some
> > questions before starting the installation. Following are the questions:
> > 1. Do I have to install and run Apache service on the system on
> > which I am going to implement dogtag?
>
> not unless you need pki-tps or pki-ra subsystems. For pki-ca, pki-tks,
> pki-ocsp, pki-kra you just need tomcat5.
>
> > 2. I am confused about the configuration of all the PKI subsystems
> > like CA,RA,DRM...etc. In the
> > http://pki.fedoraproject.org/wiki/PKI_Main_Page the configuration of
> > all subsyems is given but I dont understand from where do I get the
> > configuration URL for each subsystem.
>
> for example, once you run yum install pki-ca, the rpm post install
> scripts run /usr/bin/pkicreate utility to create the default instance.
> Upon creation of this default instance, pkicreate spits out the url for
> configuration.
>
>
> > 3. I have to integrate the setup with Checkpoint, so need steps on the
> > integration.
> no idea.
>
> > I would appreciate if someone who has implemented dogtag would provide
> > me easy steps to install dogtag on fedora core 6.
> > Thanks & Regards,
> > Rashmi
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
> >
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://www.redhat.com/archives/pki-users/attachments/20090830/573d26cb/a...
>
> ------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
>
> End of Pki-users Digest, Vol 18, Issue 6
> ****************************************
>
15 years, 3 months
Dogtag Installation on FC6
by Rashmi Pawar
Hi
I am new to the Dogtag Certificate system. I have to install the dogtag
certificate system on fedora core 6. I would appreciate help from pki-users
who have successfully installed and are runing dogtag certificate system on
linux.
I read the explanantion on dogtag on
http://pki.fedoraproject.org/wiki/PKI_Main_Page yet I have some questions
before starting the installation. Following are the questions:
1. Do I have to install and run Apache service on the system on which I am
going to implement dogtag?
2. I am confused about the configuration of all the PKI subsystems like
CA,RA,DRM...etc. In the http://pki.fedoraproject.org/wiki/PKI_Main_Page the
configuration of all subsyems is given but I dont understand from where do I
get the configuration URL for each subsystem.
3. I have to integrate the setup with Checkpoint, so need steps on the
integration.
I would appreciate if someone who has implemented dogtag would provide me
easy steps to install dogtag on fedora core 6.
Thanks & Regards,
Rashmi
15 years, 3 months
ESC and Microsoft CSP
by Brown, Chris
All,
According to the documentation, when the ESC is installed the corresponding
CSP is also installed. Also, the smartcard keys should show up in the CAPI
personal store automatically when the card is inserted. I am not seeing
this behavior, so the smartcard is not available to applications which rely
on CAPI. Has anyone else observed this? How could I debug?
SMART CARD DIAGNOSTICS REPORT
***Software Version Information***
Smart Card Manager Version: 1.1.0-0
System Versions: mozilla/5.0 (windows; u; windows nt 5.1; en-us;
rv:1.8.0.4) gecko/20071025
15 years, 4 months
Re: [Pki-users] smartcard purchase
by Lawrence J Melton
It depends on what you mean by "for use with the DogTag system". If you want tokens for your end users, the Gemalto Cyberflex e-gate 32k token, Safenet model 330, and iKey 2000 (USB fob with same chip as the model 330) or iKey 2032 (same as the iKey 2000 with 32k memory) work great. I've never tried using a token for authenticating to Dogtag, but my understanding was if you can a token to work with mozilla, you should be able to get it to work with Dogtag.
Yes, you'll need the middleware and card management software. The end user will need the middleware, and the sysadmins will need both. I didn't know that DogTag included middleware, but then it's been a year since I downloaded it.
Larry
----- Original Message -----
From: "Satish Chetty" <satish(a)suburbia.org.au>
To: "Chandrasekar Kannan" <ckannan(a)redhat.com>
Cc: "David Partridge" <dpartridge(a)tangible.net>, pki-users(a)redhat.com
Sent: Tuesday, August 4, 2009 2:47:01 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Pki-users] smartcard purchase
Hi Chandra,
On 08/04/2009 07:08 AM, Chandrasekar Kannan wrote:
> ----- "David Partridge"<dpartridge(a)tangible.net> wrote:
>
>> It is also my understanding that only specific vendor/model #’s of
>> smartcards are interoperable with DogTag. Does anyone have list of
>> vendor/card model #’s that have been tested and function without
>> customization of install?
>
> afaik, these are the ones tested to work..
>
> *Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key
> *Gemalto Cyberflex e-gate 32K token (Red Hat Enterprise Linux only)
> *Safenet 330J Java smart card
I could not find 330j cards. Can the 330m be substituted instead?
http://www.safenet-inc.com/products/tokens/products_sc_330m.asp
Thanks,
-Satish.
>
> Hope that helps.
>
>>
>>
>>
>> David M. Partridge
>>
>>
>>
>>
>>
>>
>>
>> From: Brown, Chris [mailto:cjbrown@mitre.org]
>> Sent: Wednesday, July 29, 2009 2:37 PM
>> To: pki-users(a)redhat.com
>> Subject: [Pki-users] smartcard purchase
>>
>>
>>
>> When purchasing smartcards for use with the DogTag system, is it
>> necessary to purchase the middleware and card mgmt software that
>> vendors also offer? Since DogTag offers this I would guess not, but
>> wanted to make sure. Thanks.
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
15 years, 4 months
smartcard purchase
by Brown, Chris
When purchasing smartcards for use with the DogTag system, is it necessary
to purchase the middleware and card mgmt software that vendors also offer?
Since DogTag offers this I would guess not, but wanted to make sure.
Thanks.
15 years, 4 months
