Re: [Pki-users] Dogtag: configuring OCSP URI
Hello:
I believe you could modify the setting in your link for
every kind of certificate profile that you care about.
The AIA extension.
The profiles are stored with each instance roughly here:
/var/lib/pki/pki-tomcat/ca/profiles/ca
----- Original Message -----
From: "mirkt" <mirkt(a)sapnas.net>
To: pki-users(a)redhat.com
Sent: Friday, April 27, 2018 5:46:26 AM
Subject: [Pki-users] Dogtag: configuring OCSP URI
Hello,
I am new to Dogtag. I would like to deploy it as CA for internal
services only. Any ideas how to change default OCSP URI for all
certificates? I mean not only for issued ones as in here:
https://www.redhat.com/archives/pki-users/2015-July/msg00005.html
but also for those generated during installation (CA Signing certificate
and so on..)?
What I want is: Dogtag listening on default ports (8080,8443..) and
apache with mod_proxy listening on 80 so I could control (firewall) who
can access Dogtag WebUI but allow all OCSP requests..
I need non default OCSP URI (with :8080 part removed) on all
certificates.. Any suggestions how could I achieve that?
Thank you in advance
mirkt
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users