1:56 p.m.
I have a brand new install on Centos 5.5 64.
I can't get it to publish certs to the file system, only LDAP. In
pkiconsole, when I first access the Publishing area, I get an error
message about not being authorized. I am using the CA admin account to
do this.
Any ideas?
Thanks,
Dave
12:54 a.m.
New subject: anyone had a challenge getting crts to publish to the file system?
On 02/20/2011 01:26 AM, Dave Augustus wrote:
I have a brand new install on Centos 5.5 64.
I can't get it to publish certs to the file system, only LDAP. In pkiconsole, when I
first
access the Publishing area, I get an error message about not being authorized. I am
using
the CA admin account to do this.
Dave,
It'd be more helpful here, if you can provide the log info(CA debug log ideally) when
you
see this.
Any ideas?
Though I'm not sure at this point what's blocking you, however I was able to
previously
publish Certs(and CRLs) to file system successfully using below procedure:
---------------------------------------------------------------------------------------
1/ Configure CA
2/ Fire up pkiconsole, go to 'Publishing'
3/ Configure a filebased 'Publisher'
+ Add a 'FileBasedPublisher'(say with id 'filepub') with a directory
'/var/lib/pki-ca/filepublishing'
Note:Ensure to create this directory 'filepublishing' under /var/lib/pki* tree, so
that
SELinux doesn't complain. If you're creating this directory elsewhere on the file
system,
be sure to relabel your SELinux context
4/ Configure 'Rules'
+ Add a new 'Rule'(say "filerule") and select the type as
'certs' , mapper as 'NoMap'
and publisher as 'filepub'(the one we created in step 3 above)
5/ Enable Publshing in pkiconsole
6/ Restart CA instance (do not miss this)
----------------------------------------------------------------------------------------
Now, new certs should be published to your 'var/lib/pki-ca/filepublishing'
directory.
hope that helps.
Thanks,
Dave
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
--
/kashyap
9:45 a.m.
New subject: anyone had a challenge getting crts to publish to the file system?
On Feb 21, 2011, at 12:54 AM, Kashyap Chamarthy <kchamart(a)redhat.com> wrote:
On 02/20/2011 01:26 AM, Dave Augustus wrote:
> I have a brand new install on Centos 5.5 64.
>
> I can't get it to publish certs to the file system, only LDAP. In pkiconsole,
when I first
> access the Publishing area, I get an error message about not being authorized. I am
using
> the CA admin account to do this.
Dave,
It'd be more helpful here, if you can provide the log info(CA debug log ideally) when
you see this.
>
> Any ideas?
Though I'm not sure at this point what's blocking you, however I was able to
previously publish Certs(and CRLs) to file system successfully using below procedure:
---------------------------------------------------------------------------------------
1/ Configure CA
2/ Fire up pkiconsole, go to 'Publishing'
This is where I get the error "you are not authorized to perform this
operation". I disabled selinux still got same error. Are you on irc?
3/ Configure a filebased 'Publisher'
+ Add a 'FileBasedPublisher'(say with id 'filepub') with a directory
'/var/lib/pki-ca/filepublishing'
Note:Ensure to create this directory 'filepublishing' under /var/lib/pki* tree,
so that SELinux doesn't complain. If you're creating this directory elsewhere on
the file system, be sure to relabel your SELinux context
4/ Configure 'Rules'
+ Add a new 'Rule'(say "filerule") and select the type as
'certs' , mapper as 'NoMap' and publisher as 'filepub'(the one we
created in step 3 above)
5/ Enable Publshing in pkiconsole
6/ Restart CA instance (do not miss this)
----------------------------------------------------------------------------------------
Now, new certs should be published to your 'var/lib/pki-ca/filepublishing'
directory.
hope that helps.
>
> Thanks,
> Dave
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
--
/kashyap
5098
days inactive
5100
days old
2 comments
2 participants
participants (2)
-
Dave Augustus -
Kashyap Chamarthy