When renewing a certificate that is issued by RA the process is,
SSL End User Certificates >> User Enrollment >> Renewal - User and click on
the Renewal button.
What I observed is that the RA subsystem renew the certificates without a
confirmation from a RA Agent.
When logged in as RA agent and check the status of requests, it displays as,
renewal APPROVED agents test(a)techcert.lk 2011-6-30 12:42:10 0
It seems like approved from an agent.
Does anybody know how to fix this issue ?
While I can get the DogTag PKI to work with 389 Directory Server, I have trouble using a different directory server, I get missing entries in the access log for "cn=ldbm database,cn=plugins,cn=config". Can someone tell me what the requirements are if I want to switch to using another directory server for DogTag PKI?
Thanks in advance...
I am trying to add a new user to the system. I assume I need to issue a
cert for the user, but I am struggling to find info for doing this.
Can someone point me in the correct direction for reading about how to
I have a system setup currently running tinyca and would like to
migrate it to DogTag, has anyone ever successfully managed to do this?
Is this even possible?
I would like to keep all existing certificates (and revoked) intact.
I did a quick search on Google and didn't seem to find any relevant results.
I'm trying to support keygen-provisioned browsers in the RA.
I can do almost everything needed, but I can't figure out how
to get the subject name into the certificate.
I can definitely get the CA to pick up the subject name as
a parameter, but either I am not giving it the right name in the
parameter blob, or something else is amiss. What the CA does
is issue these RA-approved requests with the a subject name the
same as the CA's.
(Non-keygen requests are processed differently and the subject AVAs
should be embedded in the request. It would be nice to be able
to have RA agents edit request subject names before submission, tho.)
Help me understand what to do here.
Anyone some hints on ATR mapping inside the CS.conf?
I have copy and pasted the ATR of my card from the tps-debug.log to the CS.conf
It does neither match on the format nor on the enrollment mapping, it
does however work if I use the CUID.
I am quite sure I have no errors on the config file. Is there anything
special on the ATR parsing?