SHA-1 may have been removed from JSS:
https://github.com/dogtagpki/jss/pull/950
On Mon, Apr 8, 2024 at 1:01 PM Marc Sauton wrote:
> you may need to change the system's cryptographic policies to either
> "LEGACY" or "DEFAULT:SHA1", as SHA-1 has been deprecated:
>
&
you may need to change the system's cryptographic policies to either
"LEGACY" or "DEFAULT:SHA1", as SHA-1 has been deprecated:
update-crypto-policies --set DEFAULT:SHA1
reboot and test again
see:
man update-crypto-policies
man crypto-policies
doc link:
3.3. Setting up system-wide cryptographic
There isn't really a need to manually create the PKI LDAP tree after the
dscreate command is run, because the pkispawn tool will do all the
necessary steps, adding itself a new suffix and db for the instance created.
I have the impression this is an extra step to verify adding some data to
the
newer article at
https://access.redhat.com/solutions/6380011
How to do bulk issuance with Red Hat Certificate System 10 and 9
On Fri, Oct 1, 2021 at 9:39 PM Marc Sauton wrote:
> update:
>
> the interface is also different, and we have Python tools, so the
> procedure can be comple
/ca/transactions &
time for i in {1..10}; do pki -U https://${cahost}:${caport}/ca -d ${d} -n
"${nick}" -C ${d}/pwd.txt ca-cert-request-submit --profile
caAgentServerCert --csr-file ${f}.${i} ; done
Thanks,
M.
On Fri, Oct 1, 2021 at 7:25 PM Marc Sauton wrote:
> those steps com
those steps come from an older article at
https://access.redhat.com/solutions/44042 , originally on RHEL-5 for RHCS-8
( and my fault).
I think the the perl command in the step 4 after the loop on PKCS10Client ,
is now incorrect, the goal was to remove the header and footer of the CSR,
but it seems
it should be present in the CA's NSS db, verify with certutil, veneutall
yadd if needed:
https://github.com/dogtagpki/pki/blob/master/docs/installation/kra/Installing_KRA.md
also verify the "connector" is configured between the CA and KRA instances
pki -c Secret.123 -n caadmin ca-kraconnector-show
