Certificates renewed without the confirmation from a RA Agent
by Harshana Porawagama
Hi,
When renewing a certificate that is issued by RA the process is,
SSL End User Certificates >> User Enrollment >> Renewal - User and click on
the Renewal button.
What I observed is that the RA subsystem renew the certificates without a
confirmation from a RA Agent.
When logged in as RA agent and check the status of requests, it displays as,
renewal APPROVED agents test(a)techcert.lk 2011-6-30 12:42:10 0
It seems like approved from an agent.
Does anybody know how to fix this issue ?
Regards,
Harshana
11 years, 9 months
Using a different directory server
by Karmen Lei
Hi,
While I can get the DogTag PKI to work with 389 Directory Server, I have trouble using a different directory server, I get missing entries in the access log for "cn=ldbm database,cn=plugins,cn=config". Can someone tell me what the requirements are if I want to switch to using another directory server for DogTag PKI?
Thanks in advance...
Karmen
11 years, 9 months
Adding new admin using certs
by Julian De Marchi
heya--
I am trying to add a new user to the system. I assume I need to issue a
cert for the user, but I am struggling to find info for doing this.
Can someone point me in the correct direction for reading about how to
do this?
Many thanks!
--julian
11 years, 9 months
dogtag virtual image
by Julian De Marchi
heya--
I would like to test dogtag for my company. I was wondering if there is
some sort of virtual appliance of dogtag that one can simple run to test
with.
--julian
11 years, 9 months
Migration from tinyca to DogTag
by Mike Mercier
Hello,
I have a system setup currently running tinyca and would like to
migrate it to DogTag, has anyone ever successfully managed to do this?
Is this even possible?
I would like to keep all existing certificates (and revoked) intact.
I did a quick search on Google and didn't seem to find any relevant results.
Thanks,
Mike
11 years, 9 months
keygen support in RA
by Mike Helm
I'm trying to support keygen-provisioned browsers in the RA.
I can do almost everything needed, but I can't figure out how
to get the subject name into the certificate.
I can definitely get the CA to pick up the subject name as
a parameter, but either I am not giving it the right name in the
parameter blob, or something else is amiss. What the CA does
is issue these RA-approved requests with the a subject name the
same as the CA's.
(Non-keygen requests are processed differently and the subject AVAs
should be embedded in the request. It would be nice to be able
to have RA agents edit request subject names before submission, tho.)
Help me understand what to do here.
Thanks, ==mwh
Michael Helm
ESnet/LBNL
11 years, 9 months
mapping filter.tokenATR
by Fabian Bertholm
Hi,
Anyone some hints on ATR mapping inside the CS.conf?
I have copy and pasted the ATR of my card from the tps-debug.log to the CS.conf
i.e.: op.enroll.mapping.2.filter.tokenATR=3B759400006202020201
It does neither match on the format nor on the enrollment mapping, it
does however work if I use the CUID.
I am quite sure I have no errors on the config file. Is there anything
special on the ATR parsing?
B.r.
Fabe
11 years, 9 months
