Autoenrollment with Dogtag
by Christoffer Strömblad
Hi list,
As part of a future project I will be implementing a PKI using
Dogtag. The company is interested in having autoenrollment
functionality for their Linux desktops. From what I've read I seem
to find no indication that this functionality is provided.
Is there a way to have a computer/user be automatically provided
with a certificate upon "notice" through SCEP? What options are
available?
Any hints or advice is appreciated.
Regards,
Christoffer Strömblad
15 years, 8 months
LDAP Authentication
by Zach Casper
We have followed all steps to install/run Fedora Dogtag/FDS using default
settings.
We have also added users/certificates from within the CA/RA subsystems.
We are now at the point where we need to format and enroll some smart cards,
however, the LDAP Authentication dialog appears and no combination of LDAP
User ID/Password works.
We've tried cn=Directory Manager, Admin, pkiuser.all without luck.
I know we must have users already in FDS but this documentation seems not to
exist.
How do we either add users in FDS so that we can continue to format and
enroll smart cards? Are we missing something?
--
Zach Casper
Envieta LLC
15 years, 8 months
ESC Format / Enroll Error
by Zach Casper
We have an Infineon Smart Card and currently we are unable to Format/Enroll
due to the following ESC Error
"Formatting of smart card failed. Error: The Smart Card Server cannot
upgrade the software on your smart card."
And Diagnostics show this error:
"Attempting to Format Key, ID: ####### - Key Format failure, Error: 19."
This card comes up as "Formatted" because we've manually installed a version
of the Dogtag applet prior to using ESC & Dogtag.
Any advice on how we can troubleshoot?
--
Zach Casper
Envieta LLC
15 years, 8 months
RE: [Pki-users] ESC Format / Enroll Error
by Zach Casper
Tps-debug log shows the following:
RA_Format_Processor::Process - applet upgrade failed
Tps-error log shows the following:
RA_Processor::SetupSecureChannel - Failed to create a secure channel 0-
potentially due to an RA/TKS key mismatch or differing RA/TKS key versions.
RA_Processor::UpgradeApplet -0 channel create failure
And a series of Bad Response when trying to SelectApplet or GetStatus
zach
_____________________________________________
From: Jack Magne [mailto:jmagne@redhat.com]
Sent: Tuesday, December 23, 2008 1:10 PM
To: Zach Casper
Subject: Re: [Pki-users] ESC Format / Enroll Error
The first step would be to take a look at the tps log or smart card server.
These can be found at:
/var/lib/pki-tps/logs/tps-debug.log
Search the bottom of the log for error 19 and it should give you an idea
of what TPS was trying to do at the time.
Zach Casper wrote:
>
> We have an Infineon Smart Card and currently we are unable to
> Format/Enroll due to the following ESC Error
>
> "Formatting of smart card failed. Error: The Smart Card Server cannot
> upgrade the software on your smart card."
>
> And Diagnostics show this error:
>
> "Attempting to Format Key, ID: ####### - Key Format failure, Error: 19."
>
> This card comes up as "Formatted" because we've manually installed a
> version of the Dogtag applet prior to using ESC & Dogtag.
>
> Any advice on how we can troubleshoot?
>
> --
>
> Zach Casper
>
> Envieta LLC
15 years, 9 months
any suggestion for get going with pki-tps in dogtag
by soham
Hi,
Whereas I could install all the other instances, I could not get going with
the pki-tps instance. What could be the common error? I have followed the same
procedures for installing it. The error message says 'unable to connect'.
15 years, 9 months
Default Secure Channel Key for Dogtag
by Zach Casper
Could there be an issue with the default key our card is loaded with (VISA Key)
not being able to create the secure connection to Dogtag subsystems?
What are the default key(s) used/needed by Dogtag for connection?
--
Zach Casper
Envieta LLC
15 years, 9 months