Good day to you all.
What is the process to renew all the four system certificates
(SubsystemCert, ServerCert, ocspSigningCert and AuditsigningCert) when
those existing certificates are currently expired. I cant access the
pkiconsole also as the system is not up and running.
I have used the certutil to generate the certificate requests and get it
signed by the CA. But it didn't work as expected. I believe the procedure
that i have followed to request generation or the signing profiles used for
the generation, may have some issues.
Can Dogtag (in this case v. 9.0.3-30.el6 ) be coerced into accepting base64-encoded CMC requests? Is there a parameter somewhere? Or would it require reprogramming?
We have a (smart-)card management system (runs under Windows) which sends the requests and expects the responses to both be base64 encoded.
Thanks and best regards,
s IT Solutions
Open System Services
The password.conf file stores system passwords in plaintext, and I prefer
to enter system passwords manually and to remove the password file.
I have found original documentation
But it is for older version on PKI and does not work with systemd.
How to setup PKI CA to ask for NSS DB password at startup?
Packages versions (I have rebuilt F22 packages for CentOS 7):
# rpm -qa | grep pki
I'm running Fedora 21 with Dogtag 10.2.1-3 and trying to get the
Registration Authority subsystem to install to enable SCEP ultimately.
I installed pki-ra, but when I run "pkispawn -s RA" I get the following:
Traceback (most recent call last):
File "/usr/sbin/pkispawn", line 579, in <module>
File "/usr/sbin/pkispawn", line 143, in main
line 192, in init_config
UnboundLocalError: local variable 'default_instance_name' referenced
Can anyone point me in the right direction concerning SCEP and DogTag 10?
Is there some updated documentation on this somewhere I'm missing?