file publishing question
by Brown, Chris
I set up a new Publisher that is supposed to write the CRL to the /tmp
directory. I was going to then going to use a cron job to move it to a web
server. The publisher job does not seem to be firing and I don't see
anything in the logs referring to it (except when the CA is started). Has
anyone successfully used a file publisher? Here is the config:
ca.publish.publisher.instance.webServerPub.crlLinkExt=
ca.publish.publisher.instance.webServerPub.directory=/tmp
ca.publish.publisher.instance.webServerPub.latestCrlLink=true
ca.publish.publisher.instance.webServerPub.pluginName=FileBasedPublisher
ca.publish.publisher.instance.webServerPub.Filename.b64=true
ca.publish.publisher.instance.webServerPub.Filename.der=true
Thanks
15 years, 9 months
Token Id question
by Veale, Sean
Sorry hit send to fast. Here is the full email
In the TPS agent page the tokens are identified by a unique identifier
it seems. You can see an example here.
http://www.redhat.com/docs/manuals/cert-system/7.3/html/Agent_Guide/TPS_
Agent_Services-Managing_Tokens.html#Managing_Tokens-Editing_the_Token
Is this the CUID, and is it read off the card during format? Or is it
created in some fashion? If it is created what data is used to do that?
Thanks
Sean
15 years, 9 months
Token Id question.
by Veale, Sean
In the TPS agent sevices page the formated and enrolled tokens have a
unquie identifier with them that you can see here
15 years, 9 months
multi-valued attribute rdn
by Brown, Chris
Are multi-valued attribute distinguished names supported? Something like:
cn=Jon Smith+uid=123456,ou=Accounting,o=Some Org,c=US
15 years, 9 months
ESC modification questions
by Veale, Sean
I've noticed the TPS servers html pages (which seem to be located in
the default 7.3 install at var/lib/pki-tps/docRoot/esc to handle the
enrollment of a token so that flow can easily be modified.
The question I have is their a way to disable user functionallity in the
esc so some actions are not possible (i.e) formating a card? And if so
how?
Thanks
Sean
15 years, 9 months
CA Setup Wizard cannot create new Security Domain
by Uzor Ide
Hi
I am evaluating the dogcat certificate server for use in our company. My
problem is that I am running into the Bug 441974 issue. I do not however
have any tomcat5-native rpm and have tried changing the C LANG from CA to C
but still have the problem.
This is a fedora 9 system
rpm -qa | grep tomcat5
tomcat5-jasper-5.5.27-0jpp.2.fc9.i386
tomcat5-5.5.27-0jpp.2.fc9.i386
jakarta-commons-dbcp-tomcat5-1.2.1-11jpp.3.fc9.i386
tomcat5-jsp-2.0-api-5.5.27-0jpp.2.fc9.i386
tomcat5-servlet-2.4-api-5.5.27-0jpp.2.fc9.i386
jakarta-commons-pool-tomcat5-1.3-10jpp.3.fc9.i386
tomcat5-server-lib-5.5.27-0jpp.2.fc9.i386
jakarta-commons-collections-tomcat5-3.2-2jpp.2.fc9.i386
tomcat5-common-lib-5.5.27-0jpp.2.fc9.i386
cat /etc/sysconfig/i18n
LANG="C"
SYSFONT="latarcyrheb-sun16"
Below is the pki-ca log debug
[07/Feb/2009:07:31:14][main]: CMS:Caught EBaseException
Failed to create jss service:
org.mozilla.jss.CryptoManager$NotInitializedException
at
com.netscape.cmscore.security.JssSubsystem.init(JssSubsystem.java:252)
at
com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:732)
at
com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:661)
at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:276)
at com.netscape.certsrv.apps.CMS.init(CMS.java:152)
at com.netscape.certsrv.apps.CMS.start(CMS.java:1490)
at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:78)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1139)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:966)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3956)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4230)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927)
at
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:890)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:448)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
[07/Feb/2009:07:31:14][main]: CMSEngine.shutdown()
Any help will be greatly appreciated
Thanks
__Uz
15 years, 10 months
building dogtag
by Brown, Chris
I am trying to build dogtag from the latest SVN trunk using the default
Fedora 8 installation. While running the build_pki script, I receive the
following unmet dependencies:
[exec] error: Failed build dependencies:
[exec] java-devel >= 1.6.0 is needed by osutil-1.0.0-4.fc8.i386
[exec] nspr-devel >= 4.6.99 is needed by osutil-1.0.0-4.fc8.i386
[exec] nss-devel >= 3.12.0 is needed by osutil-1.0.0-4.fc8.i386
I've tried to update these rpms, but there are no updates available for
Fedora 8. Should I upgrade to Federa 9 to get these packages? Thanks
15 years, 10 months
Autoenrollment with Dogtag
by Christoffer Strömblad
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi list,
As part of a future project I will be implementing a PKI using
Dogtag. The company is interested in having autoenrollment
functionality for their Linux-desktops. From what I've read I seem
to find no indication that this functionality is provided.
Is there a way to have a computer/user to be automatically provided
with a certificate upon "notice" through SCEP? What options are
available?
Any hints or advice is appreciated.
Regards,
Christoffer Strömblad
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
wpwEAQECAAYFAkl1mvYACgkQoGiwk4tHXN2oxAQAxm7gczqQLyxPBdX6h9vquySfLi+z
CMxxP1DD13cQ673OVELFju6BXu+csQE+BpeeJsOJdOJ8RqefFSby8sXxhDsEsPtgeUlr
+UAv/A1hULfQw+g9t6gE0v/vsX6wiXN1RBpvvylHkHGwluPTjc6OpKbCT+iBIQ3WOdwo
Cn+P0Zc=
=nFBy
-----END PGP SIGNATURE-----
15 years, 10 months