Hi Nalinda,
I requested the certificate using the 'Manual User Dual-Use Certificate Enrollment' option.
However, when I tried to import the generated certificate into the Firefox browser, I got the
following error:
'This personal certificate can't be installed because you don't own the
corresponding private key which was created when the certificate was requested.'
To work around this, I manually created a private key and CSR on the client machine using
the following steps:
1. Generate a new private key and Certificate Signing Request:
$ openssl req -out operator.csr -new -newkey rsa:2048 -nodes -keyout operator.key
2. Submit the CSR using the 'Manual Administrator Certificate Enrollment' option via the end user
interface
(Note: Ensure that the Subject Name field is populated with the exact value as it appears
in the Subject attribute of the CSR)
3. Create a pkcs#12 file once the above CSR is approved:
$ openssl pkcs12 -export -out operator.p12 -inkey operator.key -in operator.cert -certfile ca.cert
4. Using PKIConsole, create a new user, add that user to the "Certificate Manager
Agents" group and associate the certificate (operator.cert) obtained in step #3 above
5. Launch the Firefox browser and import the pkcs#12 file (operator.p12) under the 'Your
Certificates' section
With these steps, I can now successfully access the agent interface.
So, I would like to know when and how the 'Manual User Dual-Use Certificate Enrollment'
option is useful in the overall solution.
Thanks,
Mahendra
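Added example (not part of the original message): a pre-flight check to run before step 3 of the workaround above. It confirms that operator.cert carries the same public key as operator.key and operator.csr, the key/certificate pairing the quoted Firefox error is about, and that the issued subject equals the CSR subject, as the note in step 2 requires. The function name `check_enrollment` and its return codes are assumptions of this example; the file names follow the message.

```bash
#!/usr/bin/env bash
# Added example. File names follow the thread; check_enrollment is hypothetical.

# check_enrollment KEY CSR CERT
#   0 = key, CSR and certificate share one public key and one subject
#   1 = an input could not be read or parsed
#   2 = public keys differ (the certificate was not issued for this key)
#   3 = certificate subject differs from the CSR subject
check_enrollment() {
    local key=$1 csr=$2 cert=$3 k r c sr sc

    # Public key (PEM SubjectPublicKeyInfo) as seen from each artifact.
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    r=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ -n "$r" ] && [ -n "$c" ] || return 1

    if [ "$k" != "$r" ] || [ "$k" != "$c" ]; then
        echo "public key mismatch between $key, $csr and $cert" >&2
        return 2
    fi

    # Subject as requested vs. subject as issued, printed in one canonical form.
    sr=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null) || return 1
    sc=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null) || return 1
    sr=${sr#subject=}; sc=${sc#subject=}   # drop the "subject=" label
    sr=${sr# }; sc=${sc# }                 # older OpenSSL adds a space after it
    if [ "$sr" != "$sc" ]; then
        echo "subject mismatch: CSR '$sr' vs certificate '$sc'" >&2
        return 3
    fi

    echo "OK: $cert matches $key (subject: $sc)"
}

# Run as: ./check_enrollment.sh operator.key operator.csr operator.cert
if [ "$#" -eq 3 ]; then
    check_enrollment "$@"
fi
```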
From: Nalinda Herath <nali.mrt@gmail.com>
Date: Monday, March 30, 2015 at 10:22 PM
To: "Jain, Mahendra" <majain@verisign.com>
Cc: "pki-users@redhat.com" <pki-users@redhat.com>
Subject: Re: [Pki-users] How to setup PKI Administrator user
Yes, Mahendra
On Mar 30, 2015 11:07 PM, "Jain, Mahendra" <Majain@verisign.com> wrote:
Hi Nalinda,
Thanks for the quick response.
How do I create a new user via the web interface?
Do you mean submit a 'Manual User Dual-Use Certificate Enrollment' request via the end
user interface and, once the request is approved, use that certificate when creating the user
via PKIConsole?
Thanks,
Mahendra
From: Nalinda Herath <nali.mrt@gmail.com>
Date: Monday, March 30, 2015 at 12:24 PM
To: "Jain, Mahendra" <majain@verisign.com>
Cc: "pki-users@redhat.com" <pki-users@redhat.com>
Subject: Re: [Pki-users] How to setup PKI Administrator user
Dear Mahendra,
You can get it done through the pkiconsole.
First, create a new user via the web interface.
Then open the pkiconsole, go to users and groups and add a new user for the system. Set
the required attributes and add that user to the "Certificate Manager Agents"
group. Use the certificate of the new user created via the web interface.
Hope this will help.
Regards,
Nalinda
On Mon, Mar 30, 2015 at 9:16 PM, Jain, Mahendra <Majain@verisign.com> wrote:
Hello All,
When I install the Dogtag Certificate System, the installation creates a default PKI
Administrator user (caadmin).
What is the procedure to set up additional PKI Administrator users so that they can also
access the agent interface?
Thanks,
Mahendra
--
Best Regards,
Nalinda