KRA Problem
by Tiago Magalhães
Hi, I installed ca and kra in the same tomcat instance, but when I try to
enroll a certificate using server-side Key generation, the following
message appears: "KRA Transport Certificate needs to be imported into the
CA nssdb for Server-Side Kegen Enrollment". Do you know how I can i fix
this?
Thanks for your attention
4 days, 8 hours
Promote Dogtag PKI replica to be the new master
by aaron.thompson@bluvector.io
We are trying to promote our Dogtag PKI replica server to be the new master and then decommission the old master. I was able to find some documentation for the IPA process: https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master to do this but haven't been able to find anything yet that is specific to Dogtag.
In our CS.cfg on the replica we have this:
```
master.ca.agent.host=master.server.example.com
master.ca.agent.port=8443
```
Would it be as simple as removing those two lines from the CS.cfg on the replica, maybe set this line to true as well:
```
ca.crl.MasterCRL.enableCRLUpdates=false
```
and restart pki-tomcat and the dirsrv services?
Any insight provided or links to appropriate Dogtag docs that I seem to be unable to find would be much appreciated.
7 months, 4 weeks