Re: [Pki-users] Pki-users Digest, Vol 76, Issue 1
Christina,
Thank you so much for the help! :-)
Steven
From: pki-users-request(a)redhat.com
Sent: Tuesday, July 1, 2014 11:00 AM
To: pki-users(a)redhat.com
Send Pki-users mailing list submissions to
pki-users(a)redhat.com
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/pki-users
or, via email, send a message with subject or body 'help' to
pki-users-request(a)redhat.com
You can reach the person managing the list at
pki-users-owner(a)redhat.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Pki-users digest..."
Today's Topics:
1. Re: ECC entity certificate signing and Dogtag (Christina Fu)
----------------------------------------------------------------------
Message: 1
Date: Mon, 30 Jun 2014 11:15:24 -0700
From: Christina Fu <cfu(a)redhat.com>
To: pki-users(a)redhat.com
Subject: Re: [Pki-users] ECC entity certificate signing and Dogtag
Message-ID: <53B1A93C.5090005(a)redhat.com>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Hi Steven,
NSS softtoken provides ECC on F20 out of box
(https://bugzilla.redhat.com/show_bug.cgi?id=1019244 ).
During installation, you just want to make sure that you select the
right option accordingly.
On the client side, the current firefox version supports CRMF key gen
with EC. You can try it on one of the enrollment profiles at the EE port.
From the CLI, certutil works well. You can do something like the
following to get PKCS#10:
certutil -d . -R -k ec -q nistp256 -s "CN=test2014" -a -o req.test2014
Christina
On 06/27/2014 10:02 AM, sbernst(a)gmail.com wrote:
Hi there... It has been suggested that this is likely a question for
CFU (Christina).
How and where do I get the libraries to get ECC working on DogTag on
FC20? Specifically looking to sign client side generated PKCS#10 key
blobs. The Dogtag 10 release from 17 Jan 2013 suggested that this
might be supported, but Info from the link below says that, "Certicom
software tokens could not be used because of an issue with malformed
private keys."
https://www.redhat.com/archives/pki-users/2013-January/msg00001.html
So what all is required to sign ECC generated requests? (not planning
on use of TMS interface at this point). I saw that bug Bug 986831 says
that, "Some tools are broken for ECC with NSS token alone," (from the
10.1 release announcement from November of last year
https://www.redhat.com/archives/pki-users/2013-November/msg00001.html)
<https://www.redhat.com/archives/pki-users/2013-November/msg00001.html%29>
but I'm not authorized to view its details. (I mention this to
demonstrate that I'm trying to do my homework on this issue before
asking for help.)
Thank you so much, in advance, for any and all help.
- Steven
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://www.redhat.com/archives/pki-users/attachments/20140630/3e54f20f/a...
------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
End of Pki-users Digest, Vol 76, Issue 1
****************************************
Attachments:
- attachment.html (text/html — 5.8 KB)