Re: [Pki-users] How to renew the admin certificate
I suspect the uid is probably caadmin, which is the default, if you left it that way.
----- Original Message -----
From: "Ha T. Lam" <hatlam(a)gmail.com>
To: "John Magne" <jmagne(a)redhat.com>
Cc: pki-users(a)redhat.com
Sent: Monday, April 25, 2016 3:12:35 PM
Subject: Re: [Pki-users] How to renew the admin certificate
Hi John,
Thank you very much for your quick reply. I've managed to get ssh -X sorted
out because when I typed
pkiconsole https://ca02.mycompany.com:8433/ca
I get a dialog box asking for User ID and Password. From our conf file, I
put in the pki_admin_uid and pki_admin_password, the dialog box went away,
but nothing else happened. I also tried using pki_client_pkcs12_password
but with the same result. Looking at the log
file /var/log/pki/pki-tomcat/localhost_access_log.2016-04-25.txt, I see
"POST /ca/auths HTTP/1.0" 200 27
At this point, I'm not sure if it's because I put in the wrong
authentication or if I'm still having problem with the pkiconsole. I've
been trying to setup vncserver as you recommended but haven't had much luck.
I stumbled on the pki commands and it looks like I can use them to install
client certificate, are they equivalent to the pkiconsole?
Thanks,
Ha
On Mon, Apr 25, 2016 at 11:10 AM, John Magne <jmagne(a)redhat.com> wrote:
Hello:
Your approach seems reasonable:
Perhaps you might want to start a vncserver on there and
come in that way. There has been issues with using the console over ssh.
----- Original Message -----
> From: "Ha T. Lam" <hatlam(a)gmail.com>
> To: pki-users(a)redhat.com
> Sent: Sunday, April 24, 2016 9:29:07 PM
> Subject: [Pki-users] How to renew the admin certificate
>
> Hi all,
>
> We have a Dog Tag system hosted on Fedora inside a VirtualBox, our admin
> certificate has unfortunately expired, so the web interface complains
that
> the cert is invalid. I've managed to rewind the clock and authorized
myself
> a PKI Administrator certificate following this thread:
>
> https://www.redhat.com/archives/pki-users/2013-October/msg00008.html
>
> I'm now trying to import the new certificate into the system. The thread
> mentioned doing it through the pkiconsole, but I have not been able to
get
> it to work, when I typed:
>
> pkiconsole https://ca02.mycompany.com:8433/ca
>
> I don't get any error message, but I don't see any console either. I
suspect
> this is because I'm ssh-ing into a virtualbox and the display is not set
> correctly.
>
> My questions are:
> 1. Does the process I mentioned above make sense? I'm new to dogtag and
still
> learning about it.
> 2. If I'm on the right track, is there a command line option for
pkiconsole?
>
> Thank you for your help,
> Ha
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users