PKI Dogtag Support
by Sharath
Hello Team,
I've just started using pki-tomcat server installed ca/kra.
As deafault CA Admin i want to approve the certificate request, Please
help??
command to create the cert-request
----------------------------------------------------
pki -c tecra@123 client-cert-request CN=Sharath --profile
caSigningUserCert --type crmf
-----------------------------
Submitted certificate request
-----------------------------
Request ID: 20
Type: enrollment
Request Status: pending
Operation Result: success
to approve the above request
_--------------------------------------------
pki ca-cert-request-review 20 --action approve
pki ca-cert-request-review 20 --action approve
WARNING: BAD_CERT_DOMAIN encountered on
'CN=tecra-db02,OU=pki-tomcat,O=tecra-db02 Security Domain' indicates a
common-name mismatch
PKIException: Unauthorized
Thanks,
Sharath
5 years, 2 months
Re: [Pki-users] Red Hat Certificate System question
by Fraser Tweedale
On Mon, Oct 28, 2019 at 05:27:14PM -0500, Steve Laesch wrote:
> Fraser,
>
> I enjoyed reading the blog article from 8/2015 in which you described how
> to create a custom certificate profile for provisioning S/MIME certificates.
>
> I'm currently struggling to complete a task using Red Hat Certificate
> System that I understand probably needs to involve creating a custom
> certificate profile.
>
> I'm trying to provision a set of CA certificates using dual root, mutually
> cross signed CAs. I did it using openssl first, and that went wonderfully.
>
> For reference, I'm trying to do what is described in this Wikipedia page:
> https://en.wikipedia.org/wiki/X.509#Example_1:_Cross-certification_at_roo...
>
> I'm working with Red Hat Certificate System PKIs installed on two different
> AWS EC2 instances.
>
> I'm almost a complete newbie when it comes to working with certificate
> profiles, unfortunately. I find it rather daunting. I'm determined to get
> this done and working, though. I can certainly use all the help I can get!
>
> Cheers,
> Steve Laesch
>
Hi Steve,
Adding the pki-users@ mailing list.
We need a bit more information. We have a profile for CA
certificates ("caCACert"). The validity period is 20 years which is
probably too long, but if you make a custom profile that is a copy
of caCAcert except with the desired validity period, it should be
suitable.
Can you please give more information on exactly what you're having
difficulty with, or how the results differ from your goal?
Thanks,
Fraser
5 years, 2 months