January 2009 - Pki-users - Dogtag Pki List Archives

Certificate System Want to change hostname/IP address after installation

by lambam80＠hotmail.com

Hello everybody: Firstly, is this the primary Email-list for Dogtag/Red Hat Certificate System ? Naturally, I've looked through all the archives, found here, for an answer: https://www.redhat.com/archives/pki-users/ We're using the DOGTAG CMS system found here: http://pki.fedoraproject.org/wiki/PKI_Main_Page We'd like to create a 'portable' CMS on a laptop running, say, Fedora release 8 (Werewolf).We'll then use this machine at different client sites where the machine's DNS name and IP address will change to issue certificates. Is this possible ? Firstly, I know that the console has the directory server's DNS name within the schema itself.My work-around is to leave an alias in /etc/hosts with the old hostname. I expect the following URLs to cause an 'exception' in the Browser because hostname in DN does NOT equal hostname for the machine: https://dogtag.org:9443/ca/agent/ca/https://dogtag.org:10443/kra/agent/kr... I reckon this can be over-ridden by simply accepting the 'exception' when presented with the warning dialogue-box in Mozilla. Q1. Any other considerations or obstacles ? Cdlt, _________________________________________________________________ Keep in touch and up to date with friends and family. Make the connection now. http://www.microsoft.com/windows/windowslive/

15 years, 2 months

5
8
0 / 0

Autoenrollment with Dogtag

by Christoffer Strömblad

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi list, As part of a future project I will be implementing a PKI using Dogtag. The company is interested in having autoenrollment functionality for their Linux-desktops. From what I've read I seem to find no indication that this functionality is provided. Is there a way to have a computer/user to be automatically provided with a certificate upon "notice" through SCEP? What options are available? Any hints or advice is appreciated. Regards, Christoffer Strömblad -----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQECAAYFAkl1mvYACgkQoGiwk4tHXN2oxAQAxm7gczqQLyxPBdX6h9vquySfLi+z CMxxP1DD13cQ673OVELFju6BXu+csQE+BpeeJsOJdOJ8RqefFSby8sXxhDsEsPtgeUlr +UAv/A1hULfQw+g9t6gE0v/vsX6wiXN1RBpvvylHkHGwluPTjc6OpKbCT+iBIQ3WOdwo Cn+P0Zc= =nFBy -----END PGP SIGNATURE-----

15 years, 2 months

2
1
0 / 0

[Fwd: Re: [Pki-users] Hi dogtag build question on fc9]

by Matthew Harmsen

15 years, 3 months

1
0
0 / 0

LDAP Authentication

by Zach Casper

We have followed all steps to install/run Fedora Dogtag/FDS using default settings. We have also added users/certificates from within the CA/RA subsystems. We are now to the point we need to format and enroll some smart cards, however, the LDAP Authentication dialog appears and no combination of LDAP User ID/Password work. We've tried cn=Directory Manager, Admin, pkiuser.all without luck. I know we must have users already in FDS but this documentation seems not to exist. How do we either add users in FDS so that we can continue to format and enroll smart cards? Are we missing something? -- Zach Casper Envieta LLC

15 years, 3 months

4
5
0 / 0

ESC Format / Enroll Error

by Zach Casper

We have an Infineon Smart Card and currently we are unable to Format/Enroll due to the following ESC Error "Formatting of smart card failed. Error: The Smart Card Server cannot upgrade the software on your smart card." And Diagnostics show this error: "Attempting to Format Key, ID: ####### - Key Format failure, Error: 19." This card comes up as "Formatted" because we've manually installed a version of the Dogtag applet prior to using ESC & Dogtag. Any advice on how we can troubleshoot? -- Zach Casper Envieta LLC ----------------------------------------

15 years, 3 months

4
9
0 / 0

RE: [Pki-users] ESC Format / Enroll Error

by Zach Casper

Tps-debug log shows the following: RA_Format_Processor::Process - applet upgrade failed Tps-error log show the following: RA_Processor::SetupSecureChannel - Failed to create a secure channel 0- potentially due to an RA/TKS key mismatch or differing RA/TKS key versions. RA_Processor::UpgradeApplet -0 channel create failure And a series of Bad Response when trying to SelectApplet or GetStatus zach _____________________________________________ From: Jack Magne [mailto:jmagne@redhat.com] Sent: Tuesday, December 23, 2008 1:10 PM To: Zach Casper Subject: Re: [Pki-users] ESC Format / Enroll Error The first step would be to take a look at the tps log or smart card server. These can be found at: /var/lib/pki-tps/logs/tps-debug.log Search the bottom of the log for error 19 and it should give you an idea of what TPS was trying to do at the time. Zach Casper wrote: > > We have an Infineon Smart Card and currently we are unable to > Format/Enroll due to the following ESC Error > > "Formatting of smart card failed. Error: The Smart Card Server cannot > upgrade the software on your smart card." > > And Diagnostics show this error: > > "Attempting to Format Key, ID: ####### - Key Format failure, Error: 19." > > This card comes up as "Formatted" because we've manually installed a > version of the Dogtag applet prior to using ESC & Dogtag. > > Any advice on how we can troubleshoot? > > -- > > Zach Casper > > Envieta LLC > > ---------------------------------------- > > ------------------------------------------------------------------------ > > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users >

15 years, 3 months

4
12
0 / 0

any suggestion for get going with pki-tps in dogtag

by soham

Hi, Whereas i could install all other instances, but could not get going with pki-tps instance. What could be the common error. I have followed the same procedures for installing it. error message says 'unable to connect'.

15 years, 3 months

2
1
0 / 0

Default Secure Channel Key for Dogtag

by Zach Casper

Could there be an issue with the default key our card is loaded (VISA Key) not being able to create the secure connection to Dogtag subsystems? What are the default key(s) used/needed by Dogtag for connection? -- Zach Casper Envieta LLC

15 years, 3 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-users January 2009