Patrick:
I did some quick digging and came up with a bit of info that might help.
It looks like the profiles that actually get used by the configuration wizard to create
subsystems are private to that process. You can, though, view these profiles in the
directory:
/var/lib/pki-ca/conf/*.profile
The differences between these profiles and the regular CA profiles can be compared to
possibly explain what you are seeing with the certs that get output.
----- Original Message -----
From: "Patrick Raspante" <Patrick.Raspante(a)gdc4s.com>
To: pki-users(a)redhat.com
Sent: Friday, March 26, 2010 4:47:06 AM GMT -08:00 US/Canada Pacific
Subject: [Pki-users] Manually Replacing Server Certificates + Profiles
Using CS 8.0,
I'm interested in replacing (not renewing) all the server certificates for every
subsystem (CA,TKS,DRM,TPS).
The solution I had planned on using was to painstakingly use certutil to generate
certificate requests, sign them, and import them back into the subsystem cert db with
identical cert nicknames.
Is there an easier way to do this (other than reinstalling+rerunning the create wizard)? I
can attempt to use pkiconsole to replace certificates and automatically send them to the
CA's ee page, but that seems to be erroring repeatedly.
Using the certutil method, I'm unsure of which CA profiles to use when signing some of
the server certificates. For example, when replacing the TKS's
'subsystemCert' or 'Server-Cert' using the CA's 'manual server
certificate enrollment' profile, I don't get a cert with identical extensions as
the original TKS 'subsystem cert'. Which profile does the CA use at TKS
creation-time for these certs?
Thanks
Patrick Raspante
Software Engineer
General Dynamics C4 Systems
Work: 781-455-2399
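The comparison suggested in the reply at the top of this thread, as an added example that is not part of the original messages: a key-by-key diff of two key=value profile files, which shows the extension settings that differ between them. The function names and both sample profile texts are constructed for illustration and are not taken from a CS 8.0 installation.

```python
# Added example: key-by-key comparison of two key=value profile files.
# Both sample texts are constructed for illustration; they are not copied
# from a real CS 8.0 installation.
import sys

def parse_profile(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip()] = value.strip()
    return entries

def diff_profiles(wizard, regular):
    """Return (keys only in wizard, keys only in regular, changed values)."""
    only_wizard = sorted(k for k in wizard if k not in regular)
    only_regular = sorted(k for k in regular if k not in wizard)
    changed = sorted((k, wizard[k], regular[k])
                     for k in wizard if k in regular and wizard[k] != regular[k])
    return only_wizard, only_regular, changed

WIZARD_SAMPLE = """\
# constructed sample standing in for a file under /var/lib/pki-ca/conf/
policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true
policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
policyset.serverCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl
"""
REGULAR_SAMPLE = """\
# constructed sample standing in for a regular CA enrollment profile
policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
policyset.serverCertSet.9.default.class_id=signingAlgDefaultImpl
"""

if __name__ == "__main__":
    if len(sys.argv) == 3:  # two profile paths given on the command line
        texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:3]]
    else:                   # otherwise run on the constructed samples
        texts = [WIZARD_SAMPLE, REGULAR_SAMPLE]
    only_w, only_r, changed = diff_profiles(*map(parse_profile, texts))
    for key in only_w:
        print("only in first: ", key)
    for key in only_r:
        print("only in second:", key)
    for key, first, second in changed:
        print("differs:", key, "|", first, "->", second)
```

Run with two file paths as arguments to compare real profiles; with no arguments it runs on the constructed samples.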