Thanks for the report. I actually added the STM root cert a few weeks ago, but I didn't have an EK cert to test it with. Evidentally there is some format difference between the two flavors of certs. Would you mind sending me your EK cert? I can see what the software doesn't like about it.
As far as other services, the Trusted Java project contains privacyca functionality. But I don't know if anyone is running a public server. I am actually looking for someone to take over my own server, due to illness. I've been talking to Jon McCune about it, but maybe a commercial interest would be an alternative. Hal On Thu, Oct 11, 2012 at 5:02 AM, Paul Francis <[email protected]> wrote: > > Hi all, > > I'm doing some development on a project that requires an AIK cert. It so > happens that the machine I'm working on has a TPM from ST. This TPM contains > an > EKCert that ST certifies with GlobalSign as the root. (You can download the > certs here if you are interested:) > > http://www.st.com/stonline/stappl/resourceSelector/app? > page=resourceSelector&doctype=CONFIGURATION_UTILITY&SubClassID=1522 > > Because privacyca.com only claims to work with Infineon, I didn't really > expect > to be able to get an AIK cert, but on a lark I tried, and sure enough: > > ./identity testprivacyca outkeyblobfile outcertfile > Retrieving PCA certificate... > Generating identity key... > Sending request to PrivacyCA.com... > Processing response... > Bad response from PrivacyCA.com: Operation failed: Error in endorsement cert > provided in cert-request > /level1© > make: *** [remote] Error 1 > > Now I'm more than happy to buy a box with the Infineon TPM, and probably would > anyway just for the experience, but I'm wondering if there is any chance that > Hal or someone would be willing to add ST certs to privacyca.com. > > More generally, are there any other CAs out there that act as privacy CAs? > Our > goal is a commercial product based on this, and so in the long run > privacyca.com > probably won't serve anyway (unless there really are no other choices). > > Thanks much! > > PF (Paul Francis) > > > > > > ------------------------------------------------------------------------------ > Don't let slow site performance ruin your business. Deploy New Relic APM > Deploy New Relic app performance management and know exactly > what is happening inside your Ruby, Python, PHP, Java, and .NET app > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > http://p.sf.net/sfu/newrelic-dev2dev > _______________________________________________ > TrouSerS-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/trousers-users ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
