base64 CMC Request format
by Elliott William C OSS sIT
Hi all,
Can Dogtag (in this case v. 9.0.3-30.el6 ) be coerced into accepting base64-encoded CMC requests? Is there a parameter somewhere? Or would it require reprogramming?
We have a (smart-)card management system (runs under Windows) which sends the requests and expects the responses to both be base64 encoded.
Thanks and best regards,
William Elliott
s IT Solutions
Open System Services
8 years, 5 months
Exporting Keys from Database
by Jindrich Dolezal
hi,
im using dogtag 9.0. im trying to export the CA keys with the use of
PKCS12Export command. in the Deploy and Install guide there is command
to use:
PKCS12Export -debug -d /var/lib/{instance_name}/alias -w p12pwd.txt -p
internal.txt -o master.p12
where according to help
-p <file containing password for keydb> -w <file containing pkcs12
password> -o <output file for pkcs12>
but i always end up with:
PKCS12Export debug: PKCS12Export Exception:
org.mozilla.jss.util.IncorrectPasswordException
what is 'file containing password for keydb' and 'file containing pkcs12
password'?
i tried all combinations of passwords i used during the installation.
more over during the installation i was not asked for any password to
protect the keydb.
so my next question is: should the passwords be in special format, like
in base64, or more generally what passwords shall be used for this at all?
thanks
jd
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>
10 years, 8 months
Clone CA configuration
by Jindrich Dolezal
hi,
i created clone CA, working fine. however i had to made changes in
CS.cfg and profiles manualy on cloned machine (like enabling scep
support/...). from the install guide, i had a feeling that the clone
would have the same configuration as master had at time of cloning:
chapter 10.1.7: "Set all desired, custom configuration for a master
server before configuring any clones....Any custom settings in the
master instance will be included in the cloned instances at the time
they are cloned (but not after).
which didn't happen. its not big deal, but have i forgot something?
thanks
jd
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>
10 years, 9 months
Cloning CA
by Jindrich Dolezal
hi,
im using dogtag 9.0 (pki-ca-9.0.3) on rhel 6.2 and want to make clone.
i'm following 'Deploy and Install guide' chapter 10.3. So have master
ca, created clone ca and run the configuration wizard. i got to point
(point 10) where i am supposed to "Import Keys and Certificates". After
filling p12 file and password i ended with:
" org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 15; Open
quote is expected for attribute "BGCOLOR" associated with an element
type "BODY"."
error appearing on the page (see attached picture).
Note that when i fill incorrect file or invalid passord, the wizard
tells me with appropriate error (like no such file/...) but when
everything is correct SAX exception appears. SAX exception also appears
when i left the inputs blank and click next => therefore this step is
unpassable.
has anyone performed cloning with success?
thanks,
jd
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>
10 years, 10 months
Deleting revoked certificates
by Oleg Antonenko
Hi!
Could anyone point me at documentation regarding physical removal of "old" revoked certificates from the system (db)?
I looked at the redhat & dogtag documentation online but didn't find any relevant info...
With thanks,
Oleg
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>
10 years, 10 months
Support for Dogtag 10.1 on RHEL
by Anamitra Dutta Majumdar (anmajumd)
We are investigating and evaluating Dogtag 10.1 and would like to know if Dogtag 10.1 will be supported on RHEL7 or not.
If so what will be the Roadmap for the support.
Currently Dogtag 10.1 is supported only on Fedora versions > 20.
Thanks,
Anamitra
10 years, 10 months
dogtag v10 on rhel6
by Jindrich Dolezal
hi all,
i would like to install dogtag v10 on rhel6, however i cant find it
among rhel6 packages. does anybody know if/when it is planned to be
included? or howto run dogtag v10 on redhat.
i read some articles that fedora distro already has v10, but
unfortunately i have to use rhel, and ideally officially supported packages.
(btw. i tried also centos 6.5 which should be rhel clone but there is
just v9)
thanks,
jd
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>
10 years, 10 months
Add info to a new OID
by Sergio Pereira
hi guys,
I'm trying to create a certificate profile in a way to have at the end a
certificate with a special attributes (supplied by the user through web
enrollment form). I'm running dogtag 10.1 on Fedora 20...fresh install. I
added a certificate profile using pkiconsole but I'm struggling in how to
find the right Policies, Inputs and Outputs for the new profile. The OID I
intent to write to it is the 2.16.76.1.3.3 (country specific OID). Here is
my profile's config file:
auth.instance_id=
desc=UserCNPJ
enable=false
enableBy=admin
input.CNPJ.class_id=genericInputImpl
input.CNPJ.name=Generic Input
input.CNPJ.params.gi_display_name0=Cadastro Nacional Pessoa Juridica
input.CNPJ.params.gi_display_name1=
input.CNPJ.params.gi_display_name2=
input.CNPJ.params.gi_display_name3=
input.CNPJ.params.gi_display_name4=
input.CNPJ.params.gi_param_enable0=true
input.CNPJ.params.gi_param_enable1=false
input.CNPJ.params.gi_param_enable2=false
input.CNPJ.params.gi_param_enable3=false
input.CNPJ.params.gi_param_enable4=false
input.CNPJ.params.gi_param_name0=cnpj
input.CNPJ.params.gi_param_name1=
input.CNPJ.params.gi_param_name2=
input.CNPJ.params.gi_param_name3=
input.CNPJ.params.gi_param_name4=
input.i1.class_id=keyGenInputImpl
input.i1.name=Key Generation Input
input.i2.class_id=subjectNameInputImpl
input.i2.name=Subject Name Input
input.i3.class_id=submitterInfoInputImpl
input.i3.name=Submitter Information Input
input.list=i1,i2,i3,CNPJ
input.params.gi_display_name0=Cadastro Nacional Pessoa Juridica
input.params.gi_display_name1=
input.params.gi_display_name2=
input.params.gi_display_name3=
input.params.gi_display_name4=
input.params.gi_param_enable0=true
input.params.gi_param_enable1=false
input.params.gi_param_enable2=false
input.params.gi_param_enable3=false
input.params.gi_param_enable4=false
input.params.gi_param_name0=cnpj
input.params.gi_param_name1=
input.params.gi_param_name2=
input.params.gi_param_name3=
input.params.gi_param_name4=
lastModified=1390319210315
name=UserCNPJ
output.list=o1
output.o1.class_id=certOutputImpl
output.o1.name=Certificate Output
policyset.list=set1
policyset.set1.list=p1,p2,p3,p4,p5,p06
policyset.set1.p06.constraint.class_id=noConstraintImpl
policyset.set1.p06.constraint.name=No Constraint
policyset.set1.p06.default.class_id=userExtensionDefaultImpl
policyset.set1.p06.default.name=User Supplied Extension Default
policyset.set1.p06.default.params.userExtOID=Comment Here...
policyset.set1.p1.constraint.class_id=noConstraintImpl
policyset.set1.p1.constraint.name=No Constraint
policyset.set1.p1.default.class_id=userSubjectNameDefaultImpl
policyset.set1.p1.default.name=User Supplied Subject Name Default
policyset.set1.p2.constraint.class_id=noConstraintImpl
policyset.set1.p2.constraint.name=No Constraint
policyset.set1.p2.default.class_id=validityDefaultImpl
policyset.set1.p2.default.name=Validity Default
policyset.set1.p2.default.params.range=180
policyset.set1.p2.default.params.startTime=0
policyset.set1.p3.constraint.class_id=noConstraintImpl
policyset.set1.p3.constraint.name=No Constraint
policyset.set1.p3.default.class_id=userKeyDefaultImpl
policyset.set1.p3.default.name=User Supplied Key Default
policyset.set1.p3.default.params.keyMaxLength=4096
policyset.set1.p3.default.params.keyMinLength=512
policyset.set1.p3.default.params.keyType=RSA
policyset.set1.p4.constraint.class_id=noConstraintImpl
policyset.set1.p4.constraint.name=No Constraint
policyset.set1.p4.default.class_id=signingAlgDefaultImpl
policyset.set1.p4.default.name=Signing Algorithm Default
policyset.set1.p4.default.params.signingAlg=-
policyset.set1.p4.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,,SHA512withEC
policyset.set1.p5.constraint.class_id=noConstraintImpl
policyset.set1.p5.constraint.name=No Constraint
policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl
policyset.set1.p5.default.name=Key Usage Extension Default
policyset.set1.p5.default.params.keyUsageCritical=true
policyset.set1.p5.default.params.keyUsageCrlSign=true
policyset.set1.p5.default.params.keyUsageDataEncipherment=true
policyset.set1.p5.default.params.keyUsageDecipherOnly=true
policyset.set1.p5.default.params.keyUsageDigitalSignature=true
policyset.set1.p5.default.params.keyUsageEncipherOnly=true
policyset.set1.p5.default.params.keyUsageKeyAgreement=true
policyset.set1.p5.default.params.keyUsageKeyCertSign=true
policyset.set1.p5.default.params.keyUsageKeyEncipherment=true
policyset.set1.p5.default.params.keyUsageNonRepudiation=true
visible=true
thx in advance,
sergio
10 years, 10 months