The cert chain you provide in the file specified under pki_external_ca_cert_chain_path should be just pkcs7 without header/footer.
I don't know why it would not talk to the DS (did you turn on SSL for the DS?).
Not sure if you build your Dogtag from the master; if you do, I'd
suggest you get the most updated so you get fixes from the tickets I
provided previously, which would address at least two issues relating
to external CA.
Christina
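
A check for the format described above, as an added example that is not part of the original message or of Dogtag: it removes the PEM armor from a PKCS#7 file, confirms the body decodes to DER signedData, and rejects a plain PEM certificate. The function names and the sample (a constructed PKCS#7 structure holding no certificates) are assumptions; the body's line wrapping is kept because the thread does not say what Dogtag expects.

```python
import base64
import re

# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData)
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def check_signed_data(der):
    """Raise ValueError unless der is a SEQUENCE whose first element is the signedData OID."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Short-form length is one byte; long form is 0x80|n followed by n length bytes.
    off = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    if der[off:off + len(SIGNED_DATA_OID)] != SIGNED_DATA_OID:
        raise ValueError("not PKCS#7 signedData")


def strip_pkcs7_armor(text):
    """Return the base64 body of a PKCS#7 file with the BEGIN/END lines removed."""
    m = ARMOR.search(text)
    if m and m.group(1) != "PKCS7":
        raise ValueError("expected PKCS7 armor, found " + m.group(1))
    body = m.group(2) if m else text  # no armor: input may already be bare
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    der = base64.b64decode("".join(lines), validate=True)
    check_signed_data(der)
    return "\n".join(lines) + "\n"


def tlv(tag, body):
    """Encode one DER element; short-form length only (body under 128 bytes)."""
    return bytes([tag, len(body)]) + body


def constructed_sample():
    """Constructed input: an armored PKCS#7 signedData with no certificates in it."""
    data_oid = bytes.fromhex("06092a864886f70d010701")
    signed = tlv(0x30, b"\x02\x01\x01" + tlv(0x31, b"") + tlv(0x30, data_oid) + tlv(0x31, b""))
    der = tlv(0x30, SIGNED_DATA_OID + tlv(0xA0, signed))
    return "-----BEGIN PKCS7-----\n" + base64.encodebytes(der).decode() + "-----END PKCS7-----\n"


if __name__ == "__main__":
    print(strip_pkcs7_armor(constructed_sample()), end="")
```
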
On 10/27/2014 07:55 PM, kritee jhawar wrote:
Hi Christina
I was undertaking this activity last month where Microsoft CA
didn't work out but Dogtag as external CA did.
While using Microsoft CA or OpenSSL CA, pki spawn goes
through without any error but dogtag stops communications to
389ds. Upon calling the REST API /ca/rest/certs I get a
"PKIException error listing the certs".
Is there a particular format for the ca cert chain that we
need to provide? I was trying to reverse engineer the chain
provided by dogtag.
Thanks
Kritee
On Monday, 27 October 2014, Christina Fu <cfu@redhat.com> wrote:
They have just recently been fixed upstream so I imagine you
could use Microsoft CA now. Theoretically any other CA can
be used as an external CA, but if you run into issues,
please feel free to report.
Christina
On 10/27/2014 12:15 AM, kritee jhawar wrote:
Hi
In my recent thread I read that there is a bug due
to which Microsoft CA can't work as external CA for
dogtag.