Good day to you all.
What is the process to renew all the four system certificates
(SubsystemCert, ServerCert, ocspSigningCert and AuditsigningCert) when
those existing certificates are currently expired. I cant access the
pkiconsole also as the system is not up and running.
I have used the certutil to generate the certificate requests and get it
signed by the CA. But it didn't work as expected. I believe the procedure
that i have followed to request generation or the signing profiles used for
the generation, may have some issues.
Can Dogtag (in this case v. 9.0.3-30.el6 ) be coerced into accepting base64-encoded CMC requests? Is there a parameter somewhere? Or would it require reprogramming?
We have a (smart-)card management system (runs under Windows) which sends the requests and expects the responses to both be base64 encoded.
Thanks and best regards,
s IT Solutions
Open System Services
I'm running Fedora 21 with Dogtag 10.2.1-3 and trying to get the
Registration Authority subsystem to install to enable SCEP ultimately.
I installed pki-ra, but when I run "pkispawn -s RA" I get the following:
Traceback (most recent call last):
File "/usr/sbin/pkispawn", line 579, in <module>
File "/usr/sbin/pkispawn", line 143, in main
line 192, in init_config
UnboundLocalError: local variable 'default_instance_name' referenced
Can anyone point me in the right direction concerning SCEP and DogTag 10?
Is there some updated documentation on this somewhere I'm missing?
we have a rather large dogtag install here and the ldap-info is getting
hard to handle (right now in the ~75Gb range).
Are there any recomended ways to partition the data ? I am thinking of
migrating all expired and revoked certificates to a chainend ldap-instance
and keep only the "valid" certificates data in direct access to the CA
The migration from the "valid" partition to the "expired" partition will
have to be done outside of dogtag and the 389ds-ldaps, probably by a script
at night (it probably could be integrated into the expire runs the dogtag
Has a thing like this been done yet? What were the experiences ? What sould
I look out for ?
Mit freundlichen Grüßen,
I’ve DogTag 10.1.2 setup with externally signed CA (using the steps outline in the link below) and the setup works perfectly fine:
I would like to know if DogTag also supports configuring externally acquired private key and certificate.
In other words, If I generate the private key and CSR using openssl and submit CSR to CA for certificate.
Once the CA issued the certificate, I would like to setup DogTag using the existing private key (created using openssl) and certificate.
“This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is non-public, proprietary, privileged, confidential and exempt from disclosure under applicable law or may be constituted as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this message in error, notify sender immediately and delete this message immediately.”