Problems with Dogtag and CA cert signed by External CA
by Dwayne MacKinnon
Hi all,
A helpful fellow called alee on #dogtag-pki suggested I write the list. I've
been playing with dogtag-pki-9.0.0-10 on 64-bit Fedora 17.
I'm looking to use dogtag to run a subordinate CA that does all our everyday
PKI stuff. So when I used pki-create and went into the webform, I went the
"create a csr" route and signed it using a root CA I'd set up using openssl.
Everything seemed to work out fine, until I got to the point where I was
restarting pki-cad (using systemctl restart pki-cad(a)pki-ca.service). It
wouldn't start.
With alee's help I tracked it down to a failure of SystemCertsVerification
during the selftests.
He asked me to submit my debug log to the list, so here it is.
Cheers,
DMK
11 years, 11 months
PKI CA web services not functional (Dog Tag 9.0 CentOS 6)
by Jim Galvin
ALCON,
I am working my way through setting up a CentOS 6 64-bit workstation with
389 Directory Services and Dog Tag CS 9.0 for a test environment. I have
the DS service up and running and have installed the "pki-core" RPMs and
additonal Fedora Core 15 RPM files for pki-console and pki-ra. I
successfully configured the CA and created the appropriate certificates. I
can see the CA elements in the 389console so I know that CS <-> LDAP
communications are successful. I can also use the pki-console to see that a
CA certificate and its related key pair are available.
My problems are related to the web side of the CA service. I cannot access
the web-based services: FQDN:9444/ca/ee/ca (SSL End User Services) or
FQDN:9443/ca/agent/ca/ (Agent Services (does prompt for a certifiate))
which are display as hyperlinks from CA Services page FQDN:45/ca/services.
When I click these links I get a blank page. Also, the CA Services page
shows "XXXXXX" and "XXXXXX® Certificate System" in the page heading. I
assume something about Dog Tag should be there.
To add some additional content I went ahead and installed the pki-ra RPM
and attempted to configure the instance. When accessing the pki-ra
administrative configuration page (this works) the RA cannot contact the
existing Security Domain at FQDN:9445. This is confusing as the pkiconsole
can connect at FQDN:9445/ca, so something must be working. :-)
Any assistance would be most grateful. Thank you for your time and efforts.
[root@FQDN ~]# service pki-cad status
pki-ca (pid 1857) is running... [ OK ]
Unsecure Port = http://FQDN:9180/ca/ee/ca
Secure Agent Port = https://FQDN:9443/ca/agent/ca
Secure EE Port = https://FQDN:9444/ca/ee/ca
Secure Admin Port = https://FQDN:9445/ca/services
EE Client Auth Port = https://FQDN:9446/ca/eeca/ca
PKI Console Port = pkiconsole https://FQDN:9445/ca
Tomcat Port = 9701 (for shutdown)
PKI Instance Name: pki-ca
PKI Subsystem Type: Root CA (Security Domain)
Registered PKI Security Domain Information:
==========================================================================
Name: FQDN Domain
URL: https://FQDN:9445
==========================================================================
[root@FQDN ~]# getenforce
Permissive
[root@FQDN ~]# service iptables status
iptables: Firewall is not running.
root@FQDN ~]# netstat -an|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 0.0.0.0:9830 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:5672 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:*
LISTEN
tcp 0 0 192.168.1.94:22 192.168.1.109:56448
ESTABLISHED
tcp 0 0 ::ffff:127.0.0.1:9701 :::*
LISTEN
tcp 0 0 :::9445 :::*
LISTEN
tcp 0 0 :::389 :::*
LISTEN
tcp 0 0 :::9446 :::*
LISTEN
tcp 0 0 :::5672 :::*
LISTEN
tcp 0 0 :::22 :::*
LISTEN
tcp 0 0 ::1:25 :::*
LISTEN
tcp 0 0 :::9180 :::*
LISTEN
tcp 0 0 :::9443 :::*
LISTEN
tcp 0 0 :::9444 :::*
LISTEN
[root@FQDN ~]# more /var/log/pki-ca/system
2310.main - [28/Dec/2012:07:47:08 EST] [3] [3] Cannot build CA chain. Error
java.security.cert.CertificateException: Certificate is not a PKCS #11
certificate
2310.main - [28/Dec/2012:07:47:09 EST] [13] [3] authz instance DirAclAuthz
initialization failed and skipped, error=Property internaldb.ldapconn.port
missing value
2310.http-9445-7 - [28/Dec/2012:07:51:37 EST] [3] [3] Cannot build CA
chain. Error java.security.cert.CertificateException: Certificate is not a
PKCS #11 certificate
2310.http-9445-7 - [28/Dec/2012:07:53:26 EST] [3] [3] CASigningUnit: Object
certificate not found. Error org.mozilla.jss.crypto.ObjectNotFoundException
3256.http-9445-7 - [28/Dec/2012:09:05:06 EST] [20] [3] JSS Import
certificate org.mozilla.jss.CryptoManager$NicknameConflictException
[root@ca-l pki-ca]# more /var/log/pki-ca/localhost.2012-12-28.log
Dec 28, 2012 7:47:27 AM org.apache.catalina.core.ApplicationContext log
INFO: Use of the properties initialization parameter 'properties' has been
deprecated by 'org.apache.velocity.properties'
Dec 28, 2012 7:47:28 AM org.apache.catalina.core.ApplicationContext log
INFO: Use of the properties initialization parameter 'properties' has been
deprecated by 'org.apache.velocity.properties'
Dec 28, 2012 7:56:07 AM org.apache.catalina.core.ApplicationContext log
SEVERE: Servlet castart threw unload() exception
javax.servlet.ServletException: Servlet.destroy() for servlet castart threw
exception
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1413)
at
org.apache.catalina.core.StandardWrapper.stop(StandardWrapper.java:1739)
at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4601)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1319)
at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1290)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:323)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
at
org.apache.catalina.core.StandardService.stop(StandardService.java:584)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
at org.apache.catalina.startup.Catalina.stop(Catalina.java:643)
at org.apache.catalina.startup.Catalina.start(Catalina.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.NullPointerException
at
com.netscape.ca.CertificateAuthority.shutdown(CertificateAuthority.java:496)
at
com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:1609)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1552)
at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:199)
at
com.netscape.cms.servlet.base.CMSStartServlet.destroy(CMSStartServlet.java:108)
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1394)
... 20 more
Dec 28, 2012 9:43:03 AM org.apache.catalina.core.ApplicationContext log
SEVERE: Servlet castart threw unload() exception
javax.servlet.ServletException: Servlet.destroy() for servlet castart threw
exception
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1413)
at
org.apache.catalina.core.StandardWrapper.stop(StandardWrapper.java:1739)
at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4601)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1319)
at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1290)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:323)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
at
org.apache.catalina.core.StandardService.stop(StandardService.java:584)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
at org.apache.catalina.startup.Catalina.stop(Catalina.java:643)
at org.apache.catalina.startup.Catalina.start(Catalina.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.NoSuchMethodError
at java.lang.Thread.destroy(Thread.java:979)
at
com.netscape.cmscore.jobs.JobsScheduler.shutdown(JobsScheduler.java:448)
at
com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:1609)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1551)
at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:199)
at
com.netscape.cms.servlet.base.CMSStartServlet.destroy(CMSStartServlet.java:108)
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1394)
... 20 more
Dec 28, 2012 11:06:53 AM org.apache.catalina.core.ApplicationContext log
SEVERE: Servlet castart threw unload() exception
javax.servlet.ServletException: Servlet.destroy() for servlet castart threw
exception
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1413)
at
org.apache.catalina.core.StandardWrapper.stop(StandardWrapper.java:1739)
at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4601)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1319)
at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1290)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:323)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
at
org.apache.catalina.core.StandardService.stop(StandardService.java:584)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
at org.apache.catalina.startup.Catalina.stop(Catalina.java:643)
at org.apache.catalina.startup.Catalina.start(Catalina.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.NoSuchMethodError
at java.lang.Thread.destroy(Thread.java:979)
at
com.netscape.cmscore.jobs.JobsScheduler.shutdown(JobsScheduler.java:448)
at
com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:1609)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1551)
at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:199)
at
com.netscape.cms.servlet.base.CMSStartServlet.destroy(CMSStartServlet.java:108)
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1394)
... 20 more
Dec 28, 2012 11:59:32 AM org.apache.catalina.core.ApplicationContext log
SEVERE: Servlet castart threw unload() exception
javax.servlet.ServletException: Servlet.destroy() for servlet castart threw
exception
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1413)
at
org.apache.catalina.core.StandardWrapper.stop(StandardWrapper.java:1739)
at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4601)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1319)
at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1290)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:323)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:448)
at
org.apache.catalina.core.StandardService.stop(StandardService.java:584)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
at org.apache.catalina.startup.Catalina.stop(Catalina.java:643)
at org.apache.catalina.startup.Catalina.start(Catalina.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.NoSuchMethodError
at java.lang.Thread.destroy(Thread.java:979)
at
com.netscape.cmscore.jobs.JobsScheduler.shutdown(JobsScheduler.java:448)
at
com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:1609)
at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:1551)
at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:199)
at
com.netscape.cms.servlet.base.CMSStartServlet.destroy(CMSStartServlet.java:108)
at
org.apache.catalina.core.StandardWrapper.unload(StandardWrapper.java:1394)
... 20 more
11 years, 11 months
Assistance requested: cannot locate "pkiconsole" or "pki-console" on Dog Tag CS 9.0
by Jim Galvin
Hello,
I have installed Dog Tag 9.0.3 from EPEL RPM on a CentOS 6 64-bit machine.
My LDAP server is Fedora 389 version 1.2.10.12 also from RPM. This is a
test envrionment for another product where certificates are required. Per
Dog Tag documentation I am utilizing the RHCS documentation in setting up
and configuring the CA. The documentation makes use of the utility
"pkiconsole". I cannot find this in my filesystem. I have looked into
various pki-console-based RPM files but none seem to provide this utility.
I am sure I have missed over something in the documentation. If someone
could provide me a link to instructions or something to assist I would be
most grateful.
Here is a listing of the pki-related packages I have installed:
pki-symkey-9.0.3-24.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
pki-java-tools-9.0.3-24.el6.noarch
pki-setup-9.0.3-24.el6.noarch
pki-ca-9.0.3-24.el6.noarch
pki-util-9.0.3-24.el6.noarch
pki-common-9.0.3-24.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
pki-selinux-9.0.3-24.el6.noarch
pki-native-tools-9.0.3-24.el6.x86_64
Thank you,
Jim Galvin
11 years, 11 months
Announcing Dogtag 10.0 Release Candidate 1
by Ade Lee
The Dogtag team is proud to announce version Dogtag v10.0.0 Release
Candidate 1.
A build is available for Fedora 18 in the updates-testing repo. Please
try it out and provide karma to move it to the F18 stable repo.
Daily developer builds for Fedora 17 and 18 are available at
http://nkinder.fedorapeople.org/dogtag-devel/fedora/
== Build Versions ==
pki-core-10.0.0-2.fc18
pki-ra-10.0.0-1.fc18
pki-tps-10.0.0-1.fc18
dogtag-pki-10.0.0-1.fc18
dogtag-pki-theme-10.0.0-1.fc18
pki-console-10.0.0-1.fc18
== Highlights since Dogtag v. 10.0.0 beta 2 (Oct 30 2012) ==
* Simplified and enhanced pkispawn.
** Added detailed man pages to document use of pkispawn, pkidestroy
and the command line utility pki.
** Removed --dry-run option and unused respawn() code.
** Replaced links of scriptlets with lists
** Modified the way pkispawn parses configuration files. pkispawn now
reads a template file for default settings, and a much smaller and
simpler user-defined configuration file for customizations and
overrides. Moreover, pkispawn uses interpolation to substitute in
values. See the man pages for details.
** Added the ability to import an admin cert into the administrative
user created for each subsystem. This allows multiple subsystems
within the same instance to be more easily managed within the same
browser.
** Implemented ability to install a subordinate CA using pkispawn.
** Implemented ability to install an externally signed CA using
pkispawn.
* Simplified the structure of the UI packages
** All images and css files have been moved to dogtag-pki-server-theme
for all subsystems.
** Removed unused and duplicated files.
** Template files have been moved to the underlying subsystem files.
In future, all theme related messages in those files will be
parameterized and placed in dogtag-pki-server-theme. This will
significantly simplify the process of customizing or
internationalizing an instance and its theme.
** Retired all the subsystem specific UI packages, reducing the number
of UI packages from 7 to 1.
* Security fixes for CVE-2012-4543 Certificate System: Multiple
cross-site scripting flaws by displaying CRL or processing.
* Memory fixes for the TPS
* Updated to latest version of cmake, removing obsolete modules.
== Notes for F17 ==
* Only developer builds are available for F17.
* F17 tomcat used to have a bug in the way it handles pid files.
https://bugzilla.redhat.com/show_bug.cgi?id=863307. Make sure that you
have at least tomcat-7.0.32-1.fc17.
== Feedback ==
Please provide comments, bugs and other feedback via the pki-devel
mailing list: http://www.redhat.com/mailman/listinfo/pki-devel
== Detailed Changelog ==
akoneru (2):
0667896 Fix for improper crl retrieval from CA.
f400f3b Invalid ACL resources Fix in KRA for certServer.kra.keys
alee (25):
6e77f33 Updated pki-core spec file to 10.0.0-2
a505c8c fix typo in spec file
f73a662 Update to rc1 build
1e46576 Added more detail to man page for pki(1)
cbfdae8 Remove server code from CertSearchRequest
cd279e3 Modified section on sample.cfg
a3f7d58 Interpolation correction patch based on review comments
065d883 Use interpolation to build default parameters
35dc100 Change the structure of the client directory.
03a6350 Common User: pkispawn changes
6be1194 Common admin user: config servlet changes
871b442 Misc changes to get rhel 7 build to work
40e58f9 Link to resteasy-base on rhel systems when running pkispawn
96af71d Removed obsolete cmake modules, updated spec files
9862a04 Updating cmake variables
440a9e7 removed obsolete cmake modules
1de7c91 Change cmake projects from Java to NONE
2efc66e spec file changes
999a0f1 Added missing Provides
eb74b11 update to b3
64eaca2 Fix issue with pki_external being referenced for non-CA
318716f removed dry_run from pkispawn
019a933 Remove unused respawn code.
a80e994 Convert admin cert from a to b before importing to certdb
db9537d Set paths for default instance
awnuk(1):
883e0ec number verification
edewata (52):
9996d71 Parameterizing RESTEasy paths.
81bb209 Archiving default deployment configuration.
66c519f I18n for ProfileList.template.
a4c95c3 Removed RA and TPS theme packages.
3dfee91 Reorganized TPS CSS files.
d8f56d8 Reorganized TPS templates and scripts.
538dee3 Reorganized RA templates and scripts.
083e130 Fixed permission problem in TKS.
6344d6e Replaced links of scriptlets with lists.
471a493 Simplified the configuration file using defaults.
5e93dc2 Reorganized sensitive parameters.
cef7a77 Fixed issuedOn parameters for cert-find.
ba1e743 Fixed default security domain user.
68751fb Refactored pkiparser.py into PKIConfigParser.
9bb7143 Removed CA, KRA, OCSP, TKS theme packages.
46fda5d Reorganized CA, KRA, OCSP, TKS templates.
edf9c22 Reorganized common templates.
c8336ea Renamed pki-common-theme to pki-server-theme.
105ffbd Reorganized ESC images.
545b796 Removed unused files in tps-ui.
f3e20fc Removed unused files in ra-ui.
6197b95 Removed unused files in tks-ui.
b45fc00 Removed unused files in ocsp-ui.
d248593 Removed unused files in kra-ui.
42f48ab Removed unused files in ca-ui.
41e061f Removed unused files in common-ui.
fb80a25 Updated tools to deploy combined images and CSS files.
4109bc3 Combined theme images and CSS files into common-ui.
515e882 Fixed pkisilent build problem.
cb209df Added ACLInterceptor.
87556b7 Update pki-base.css paths.
386d703 Updated rootca.gif and sub.gif paths.
6a1302a Updated icon-software.gif paths.
1ca3b21 Updated icon_crit_update.gif paths.
d7306c4 Updated clearpixel.gif paths.
599a3e7 Updated certificate.png and no-certificate.png paths.
5a14647 Updated bigrotation2.gif paths.
d5802a7 Updated lgRightTab2.gif paths.
33746d8 Updated dgRightTab2.gif paths.
918764d Updated lgRightTab.gif paths.
6e836a6 Updated lgLeftTab.gif paths.
792becd Updated goto-tall.gif paths.
3b4a7e4 Updated dgRightTab.gif paths.
122b650 Updated dgLeftTab.gif paths.
45aff6c Updated spacer.gif paths.
137d8f9 Updated hr.gif paths.
810ecfe Updated gray90.gif paths.
f077cf4 Updated logo_header.gif paths.
a959d7d Updated favicon.ico paths.
70a0dd8 Merged theme files.
d9a9e23 Fixed problem finding SHA-256 message digest.
8eb2ccf Fixed PrettyPrintCert and PrettyPrintCrl.
jmagne(1):
6180bb1 Latest TPS memory related fixes.
mharmsen (9):
70938da More edits to man pages including spell checking via 'aspell'.
34851bb Revised 'pki_default.cfg5' man page.
e7b7d98 Added man pages.
8d5eb93 Implemented ability to utilize an external CA
6a1cf64 Removed 'pki/base/silent/templates/subca_silent.template'.
af58413 Move default location for client cert database (pkisilent)
cfcd015 Move default location for client certificate database
1e15712 Enable Subordinate CA
906acfd Enable building on ARM architecture.
12 years