February 2009 - Pki-users - Dogtag Pki List Archives

by Brown, Chris

I set up a new Publisher that is supposed to write the CRL to the /tmp directory. I was going to then going to use a cron job to move it to a web server. The publisher job does not seem to be firing and I don't see anything in the logs referring to it (except when the CA is started). Has anyone successfully used a file publisher? Here is the config: ca.publish.publisher.instance.webServerPub.crlLinkExt= ca.publish.publisher.instance.webServerPub.directory=/tmp ca.publish.publisher.instance.webServerPub.latestCrlLink=true ca.publish.publisher.instance.webServerPub.pluginName=FileBasedPublisher ca.publish.publisher.instance.webServerPub.Filename.b64=true ca.publish.publisher.instance.webServerPub.Filename.der=true Thanks

15 years, 2 months

2
2
0 / 0

Certificate System Want to change hostname/IP address after installation

by lambam80＠hotmail.com

Hello everybody: Firstly, is this the primary Email-list for Dogtag/Red Hat Certificate System ? Naturally, I've looked through all the archives, found here, for an answer: https://www.redhat.com/archives/pki-users/ We're using the DOGTAG CMS system found here: http://pki.fedoraproject.org/wiki/PKI_Main_Page We'd like to create a 'portable' CMS on a laptop running, say, Fedora release 8 (Werewolf).We'll then use this machine at different client sites where the machine's DNS name and IP address will change to issue certificates. Is this possible ? Firstly, I know that the console has the directory server's DNS name within the schema itself.My work-around is to leave an alias in /etc/hosts with the old hostname. I expect the following URLs to cause an 'exception' in the Browser because hostname in DN does NOT equal hostname for the machine: https://dogtag.org:9443/ca/agent/ca/https://dogtag.org:10443/kra/agent/kr... I reckon this can be over-ridden by simply accepting the 'exception' when presented with the warning dialogue-box in Mozilla. Q1. Any other considerations or obstacles ? Cdlt, _________________________________________________________________ Keep in touch and up to date with friends and family. Make the connection now. http://www.microsoft.com/windows/windowslive/

15 years, 2 months

5
8
0 / 0

Token Id question

by Veale, Sean

Sorry hit send to fast. Here is the full email In the TPS agent page the tokens are identified by a unique identifier it seems. You can see an example here. http://www.redhat.com/docs/manuals/cert-system/7.3/html/Agent_Guide/TPS_ Agent_Services-Managing_Tokens.html#Managing_Tokens-Editing_the_Token Is this the CUID, and is it read off the card during format? Or is it created in some fashion? If it is created what data is used to do that? Thanks Sean

15 years, 2 months

1
0
0 / 0

Token Id question.

by Veale, Sean

In the TPS agent sevices page the formated and enrolled tokens have a unquie identifier with them that you can see here

15 years, 2 months

1
0
0 / 0

multi-valued attribute rdn

by Brown, Chris

Are multi-valued attribute distinguished names supported? Something like: cn=Jon Smith+uid=123456,ou=Accounting,o=Some Org,c=US

15 years, 2 months

2
1
0 / 0

ESC modification questions

by Veale, Sean

I've noticed the TPS servers html pages (which seem to be located in the default 7.3 install at var/lib/pki-tps/docRoot/esc to handle the enrollment of a token so that flow can easily be modified. The question I have is their a way to disable user functionallity in the esc so some actions are not possible (i.e) formating a card? And if so how? Thanks Sean

15 years, 2 months

2
1
0 / 0

CA Setup Wizard cannot create new Security Domain

by Uzor Ide

Hi I am evaluating the dogcat certificate server for use in our company. My problem is that I am running into the Bug 441974 issue. I do not however have any tomcat5-native rpm and have tried changing the C LANG from CA to C but still have the problem. This is a fedora 9 system rpm -qa | grep tomcat5 tomcat5-jasper-5.5.27-0jpp.2.fc9.i386 tomcat5-5.5.27-0jpp.2.fc9.i386 jakarta-commons-dbcp-tomcat5-1.2.1-11jpp.3.fc9.i386 tomcat5-jsp-2.0-api-5.5.27-0jpp.2.fc9.i386 tomcat5-servlet-2.4-api-5.5.27-0jpp.2.fc9.i386 jakarta-commons-pool-tomcat5-1.3-10jpp.3.fc9.i386 tomcat5-server-lib-5.5.27-0jpp.2.fc9.i386 jakarta-commons-collections-tomcat5-3.2-2jpp.2.fc9.i386 tomcat5-common-lib-5.5.27-0jpp.2.fc9.i386 cat /etc/sysconfig/i18n LANG="C" SYSFONT="latarcyrheb-sun16" Below is the pki-ca log debug [07/Feb/2009:07:31:14][main]: CMS:Caught EBaseException Failed to create jss service: org.mozilla.jss.CryptoManager$NotInitializedException at com.netscape.cmscore.security.JssSubsystem.init(JssSubsystem.java:252) at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:732) at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:661) at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:276) at com.netscape.certsrv.apps.CMS.init(CMS.java:152) at com.netscape.certsrv.apps.CMS.start(CMS.java:1490) at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:78) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:966) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3956) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4230) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:890) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java:700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) [07/Feb/2009:07:31:14][main]: CMSEngine.shutdown() Any help will be greatly appreciated Thanks __Uz

15 years, 2 months

1
0
0 / 0

building dogtag

by Brown, Chris

I am trying to build dogtag from the latest SVN trunk using the default Fedora 8 installation. While running the build_pki script, I receive the following unmet dependencies: [exec] error: Failed build dependencies: [exec] java-devel >= 1.6.0 is needed by osutil-1.0.0-4.fc8.i386 [exec] nspr-devel >= 4.6.99 is needed by osutil-1.0.0-4.fc8.i386 [exec] nss-devel >= 3.12.0 is needed by osutil-1.0.0-4.fc8.i386 I've tried to update these rpms, but there are no updates available for Fedora 8. Should I upgrade to Federa 9 to get these packages? Thanks

15 years, 2 months

4
9
0 / 0

Autoenrollment with Dogtag

by Christoffer Strömblad

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi list, As part of a future project I will be implementing a PKI using Dogtag. The company is interested in having autoenrollment functionality for their Linux-desktops. From what I've read I seem to find no indication that this functionality is provided. Is there a way to have a computer/user to be automatically provided with a certificate upon "notice" through SCEP? What options are available? Any hints or advice is appreciated. Regards, Christoffer Strömblad -----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQECAAYFAkl1mvYACgkQoGiwk4tHXN2oxAQAxm7gczqQLyxPBdX6h9vquySfLi+z CMxxP1DD13cQ673OVELFju6BXu+csQE+BpeeJsOJdOJ8RqefFSby8sXxhDsEsPtgeUlr +UAv/A1hULfQw+g9t6gE0v/vsX6wiXN1RBpvvylHkHGwluPTjc6OpKbCT+iBIQ3WOdwo Cn+P0Zc= =nFBy -----END PGP SIGNATURE-----

15 years, 2 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-users February 2009