Re: [Pki-devel] Configuration of Friendly Name and Country

2020-05-22 Thread Dinesh Prasanth Moluguwan Krishnamoorthy 
Nadeera,

(CC'ing pki-devel)

Setting the number of intermediate CAs can be achieved by using "Basic
Constraints Extension" [1] and setting the PathLen= to the required value.

You need to set this extension on a CA profile and then issue a CA signing
cert. You can't modify this value on an already issued CA cert. Read more
on how to add this constraint to a profile here [2]

[1]
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide_common_criteria_edition/index#Basic_Constraints_Extension_Default
[2]
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide_common_criteria_edition/index#about-extensions

Regards,
--Dinesh

On Fri, May 22, 2020 at 8:57 AM Nadeera Galagedara <
nadeeragalaged...@yahoo.com> wrote:

> Dear Dinesh,
>
> I want another help from you. How can I change the "Maximum number of
> intermediate CAs: unlimited" value.
> On Friday, May 22, 2020, 10:57:45 AM GMT+5:30, Nadeera Galagedara <
> nadeeragalaged...@yahoo.com> wrote:
>
>
> Dear Dinesh,
>
> That is a great explanation. That problem that problem is also solved.
> Again thank you.
>
> On Wednesday, May 20, 2020, 08:27:56 PM GMT+5:30, Dinesh Prasanth
> Moluguwan Krishnamoorthy  wrote:
>
>
> Hi Nadeera,
>
> I'm glad I could resolve your issues.
>
> As for the friendly/nickname, these names are customizable based on the
> system you use and are not specified during the certificate issuance.
>
> For instance, when you specified "
> *pki_ca_signing_nickname=mycompany_nickname"* this nickname was used to
> import the CA system certificate in your PKI server's NSSDB. You can view
> this by doing `certutil -L -d /etc/pki/pki-tomcat/alias` and you should see
> the *mycompany_nickname* listed.
>
> I have very limited knowledge of handling certificates in windows. From
> Googling around: you can try to *right-click on the certificate ->
> Properties -> "general" tab -> Set "Friendly Name"*.
>
> HTH
>
> Regards,
> --Dinesh
>
> On Wed, May 20, 2020 at 3:28 AM Nadeera Galagedara <
> nadeeragalaged...@yahoo.com> wrote:
>
> Dear Dinesh,
>
> Thank you for your support and it is been very helpful. I am using Centos
> 7 and the version came with it is 10.5. I am using that version. I think I
> have corrected the country (with c=LK). But I still have a problem with the
> nickname.
>
> I used the *pki_ca_signing_nickname=mycompany_nickname* line but still
> the friendly name show on windows PC (I have imported the issued
> certificate to a windows PC) format like 's  ID.
> My requirement is to show the the Friendly Name (shows as in Windows PC) as
> "*mycompany_nickname* " I have attached a screenshot also. Please tell me
> what did I do wrong.
>
>
> [image: Inline image]
>
>
> The full config is mentioned below
>
>
> *Step 1*
>
> *[CA]*
> *pki_admin_email=mycomp...@abc.lk *
> *pki_admin_name=caadmin*
> *pki_admin_nickname=caadmin*
> *pki_admin_password=Secret.123*
> *pki_admin_uid=caadmin*
>
> *pki_client_database_password=Secret.123*
> *pki_client_database_purge=False*
> *pki_client_pkcs12_password=Secret.123*
>
> *pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lk*
> *pki_ds_database=ca2*
> *pki_ds_password=Secret.123*
>
> *pki_security_domain_name=mycompany_domain*
> *pki_token_password=Secret.123*
>
> *pki_external=True*
> *pki_external_step_two=False*
>
>
> *pki_ca_signing_subject_dn=cn=mycompany_cn,ou=mycompany_ou,o=mycompany_o,c=LK*
> *pki_ca_signing_csr_path=ca_signing.csr*
>
> *pki_ca_signing_nickname=mycompany_nickname*
>
> *pki_default_ocsp_uri=http://ocsp.mycompany.lk *
>
>
>
> *Step 2*
>
> *[CA]*
> *pki_admin_email=mycomp...@abc.lk *
> *pki_admin_name=caadmin*
> *pki_admin_nickname=caadmin*
> *pki_admin_password=Secret.123*
> *pki_admin_uid=caadmin*
>
> *pki_client_database_password=Secret.123*
> *pki_client_database_purge=False*
> *pki_client_pkcs12_password=Secret.123*
>
> *pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lk*
> *pki_ds_database=ca2*
> *pki_ds_password=Secret.123*
>
> *pki_security_domain_name=mycompany_domain*
> *pki_token_password=Secret.123*
>
> *pki_external=True*
> *pki_external_step_two=True*
>
> *pki_ca_signing_csr_path=ca_signing.csr*
> *pki_ca_signing_cert_path=ca_signing.crt*
>
> *pki_ca_signing_nickname=mycompany_nickname*
>
> *pki_default_ocsp_uri=http://ocsp.mycompany.lk *
>
>
>
>
> Thank you and best regards,
> Nadeera.
>
>
>
>
>
> On Wednesday, May 20, 2020, 03:29:15 AM GMT+5:30, Dinesh Prasanth
> Moluguwan Krishnamoorthy  wrote:
>
>
> Hi Nadeera,
>
> What version of dogtag PKI are you trying to install? You are referring to
> PKI 10.5 docs. The latest release is 10.8.3
>
> If you are using the latest packages, our docs are available in our
> upstream repo: https://github.com/dogtagpki/pki/tree/v10.8/docs
>
> (see inline reply)
>
> On Tue, May 19, 2020 at 9:22 AM Nadeera Galagedara <
> nadeeragalaged...@yahoo.com> wrote:
>
> Dear all,
>
> I am new to dogtag and I am

[Pki-devel] [CRON] Errored: dogtagpki/pki-nightly-test#723 (master - 2a95153)

2020-05-22 Thread Travis CI 
Build Update for dogtagpki/pki-nightly-test
-

Build: #723
Status: Errored

Duration: 14 mins and 13 secs
Commit: 2a95153 (master)
Author: Dinesh Prasanth M K
Message: Remove EOL F29 from matrix and add support for v10.8 branch

Signed-off-by: Dinesh Prasanth M K 

View the changeset: 
https://github.com/dogtagpki/pki-nightly-test/compare/1cec22733aad03cad1e589a08281f4a2db79ec90...2a95153102234446e6beb5d4074ae6eebd760fb3

View the full build log and details: 
https://travis-ci.org/github/dogtagpki/pki-nightly-test/builds/690029872?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the dogtagpki/pki-nightly-test 
repository going to 
https://travis-ci.org/account/preferences/unsubscribe?repository=20325727_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] Sub ca shows s # 2 at end

2020-05-22 Thread Nadeera Galagedara 
 Found the problem, I had same name certificate before.
Thanks
On Friday, May 22, 2020, 11:08:43 AM GMT+5:30, Nadeera Galagedara 
 wrote:  
 
 Dear,
I have installed a root CA, then installed a sub CA signed by that root CA (all 
are dogtag 10.5). When i export the certificate for the user, it shows a "# 2" 
at the end of the sub CA certificate path (screenshot attached) . I did not 
include in my configuration. Where does it come from and how can I remove that. 


Thank you..  ___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] Sub ca shows s # 2 at end

2020-05-22 Thread Nadeera Galagedara 
Dear,
I have installed a root CA, then installed a sub CA signed by that root CA (all 
are dogtag 10.5). When i export the certificate for the user, it shows a "# 2" 
at the end of the sub CA certificate path (screenshot attached) . I did not 
include in my configuration. Where does it come from and how can I remove that. 


Thank you..___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [CRON] Errored: dogtagpki/pki-nightly-test#722 (master - 2a95153)

2020-05-22 Thread Travis CI 
Build Update for dogtagpki/pki-nightly-test
-

Build: #722
Status: Errored

Duration: 13 mins and 58 secs
Commit: 2a95153 (master)
Author: Dinesh Prasanth M K
Message: Remove EOL F29 from matrix and add support for v10.8 branch

Signed-off-by: Dinesh Prasanth M K 

View the changeset: 
https://github.com/dogtagpki/pki-nightly-test/compare/1cec22733aad03cad1e589a08281f4a2db79ec90...2a95153102234446e6beb5d4074ae6eebd760fb3

View the full build log and details: 
https://travis-ci.org/github/dogtagpki/pki-nightly-test/builds/689639519?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the dogtagpki/pki-nightly-test 
repository going to 
https://travis-ci.org/account/preferences/unsubscribe?repository=20325727_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [CRON] Errored: dogtagpki/pki-nightly-test#721 (master - 2a95153)

2020-05-22 Thread Travis CI 
Build Update for dogtagpki/pki-nightly-test
-

Build: #721
Status: Errored

Duration: 4 mins and 55 secs
Commit: 2a95153 (master)
Author: Dinesh Prasanth M K
Message: Remove EOL F29 from matrix and add support for v10.8 branch

Signed-off-by: Dinesh Prasanth M K 

View the changeset: 
https://github.com/dogtagpki/pki-nightly-test/compare/1cec22733aad03cad1e589a08281f4a2db79ec90...2a95153102234446e6beb5d4074ae6eebd760fb3

View the full build log and details: 
https://travis-ci.org/github/dogtagpki/pki-nightly-test/builds/689240085?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the dogtagpki/pki-nightly-test 
repository going to 
https://travis-ci.org/account/preferences/unsubscribe?repository=20325727_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel