July 2015 - Pki-users - Dogtag Pki List Archives

by pki tech

Hi all, Good day to you all. What is the process to renew all the four system certificates (SubsystemCert, ServerCert, ocspSigningCert and AuditsigningCert) when those existing certificates are currently expired. I cant access the pkiconsole also as the system is not up and running. I have used the certutil to generate the certificate requests and get it signed by the CA. But it didn't work as expected. I believe the procedure that i have followed to request generation or the signing profiles used for the generation, may have some issues. Cheers. Regards, Mark

7 years, 9 months

3
2
0 / 0

base64 CMC Request format

by Elliott William C OSS sIT

Hi all, Can Dogtag (in this case v. 9.0.3-30.el6 ) be coerced into accepting base64-encoded CMC requests? Is there a parameter somewhere? Or would it require reprogramming? We have a (smart-)card management system (runs under Windows) which sends the requests and expects the responses to both be base64 encoded. Thanks and best regards, William Elliott s IT Solutions Open System Services

7 years, 9 months

4
6
0 / 0

How to install RA on DogTag 10?

by Ben Peck

I'm running Fedora 21 with Dogtag 10.2.1-3 and trying to get the Registration Authority subsystem to install to enable SCEP ultimately. I installed pki-ra, but when I run "pkispawn -s RA" I get the following: Traceback (most recent call last): File "/usr/sbin/pkispawn", line 579, in <module> main(sys.argv) File "/usr/sbin/pkispawn", line 143, in main parser.init_config() File "/usr/lib/python2.7/site-packages/pki/server/ deployment/pkiparser.py", line 192, in init_config 'pki_instance_name': default_instance_name, UnboundLocalError: local variable 'default_instance_name' referenced before assignment Can anyone point me in the right direction concerning SCEP and DogTag 10? Is there some updated documentation on this somewhere I'm missing? Thanks, Ben

8 years, 8 months

2
2
0 / 0

[pki-devel][PATCH] 0046-Firefox-warning.patch

by John Magne

Firefox warning Ticket #1523 Move the dire warning about the crypto object to sections where it applies. Also slightly changed the message due to context.

8 years, 9 months

1
0
0 / 0

partition dogtag data in the ldap server?

by Alexander Jung

Hi, we have a rather large dogtag install here and the ldap-info is getting hard to handle (right now in the ~75Gb range). Are there any recomended ways to partition the data ? I am thinking of migrating all expired and revoked certificates to a chainend ldap-instance and keep only the "valid" certificates data in direct access to the CA instances. The migration from the "valid" partition to the "expired" partition will have to be done outside of dogtag and the 389ds-ldaps, probably by a script at night (it probably could be integrated into the expire runs the dogtag does, although) Has a thing like this been done yet? What were the experiences ? What sould I look out for ? Mit freundlichen Grüßen, Alexander Jung

8 years, 9 months

3
5
0 / 0

Dogtag : Configuring default OCSP URI

by Jain, Mahendra

Hi, I'm running Fedora 21 with Dogtag 10.2.1-3 and would like to configure default OCSP URI that appears in the certificate. The certificate issued by Dogtag includes following OCSP details: Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 Critical: no Access Description: Method #0: ocsp Location #0: URIName: http://server.example.com:8080/ca/ocsp<http://ca-sw-master.end-points.com:8080/ca/ocspy> I would like to update the above URIName (via configuration) to something like http://ocsp.example.com:8080/ca/ocsp<http://ca-sw-master.end-points.com:8080/ca/ocspy>. Please advice. Thanks, Mahendra

8 years, 9 months

1
1
0 / 0

Configure externally acquired private key and certificate

by Jain, Mahendra

Hi, I’ve DogTag 10.1.2 setup with externally signed CA (using the steps outline in the link below) and the setup works perfectly fine: http://man.sourcentral.org/f18/8+pkispawn I would like to know if DogTag also supports configuring externally acquired private key and certificate. In other words, If I generate the private key and CSR using openssl and submit CSR to CA for certificate. Once the CA issued the certificate, I would like to setup DogTag using the existing private key (created using openssl) and certificate. Thanks, Mahendra “This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is non-public, proprietary, privileged, confidential and exempt from disclosure under applicable law or may be constituted as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this message in error, notify sender immediately and delete this message immediately.”

8 years, 10 months

2
10
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-users July 2015