From mhsricchem at yahoo.com Fri May 15 12:20:33 2009 From: mhsricchem at yahoo.com (Rico Hightower) Date: Fri, 15 May 2009 05:20:33 -0700 (PDT) Subject: [Pki-devel] help with certificate creation Message-ID: <990731.54140.qm@web56108.mail.re3.yahoo.com> Hello, ? I am fairly new to the PKI concept but I do have some knowledge on the concept. As part of a college project I am working on, the first task was to get Dogtag CA up and running and that was successfully done. ? However, now I would like to get into the "nuts and bolts" of a certificate. I have the source code, but I am not able to locate the class(es) that are responsible for the actual construction of a X.509 certificate. If someone is familiar with this, I would greatly appreciate the help. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ckannan at redhat.com Fri May 15 22:12:17 2009 From: ckannan at redhat.com (Chandrasekar Kannan) Date: Fri, 15 May 2009 15:12:17 -0700 Subject: [Pki-devel] help with certificate creation In-Reply-To: <990731.54140.qm@web56108.mail.re3.yahoo.com> References: <990731.54140.qm@web56108.mail.re3.yahoo.com> Message-ID: <1242425537.3089.42.camel@localhost.localdomain> Have you looked at https://pki.fedoraproject.org/svn/pki/trunk/pki/base/common/src/com/netscape/ On Fri, 2009-05-15 at 05:20 -0700, Rico Hightower wrote: > Hello, > > I am fairly new to the PKI concept but I do have some knowledge on the > concept. As part of a college project I am working on, the first task > was to get Dogtag CA up and running and that was successfully done. > > However, now I would like to get into the "nuts and bolts" of a > certificate. I have the source code, but I am not able to locate the > class(es) that are responsible for the actual construction of a X.509 > certificate. If someone is familiar with this, I would greatly > appreciate the help. > > > _______________________________________________ > Pki-devel mailing list > Pki-devel at redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Chandrasekar Kannan -- ckannan at redhat.com Quality Engineering -- http://www.redhat.com/identity_management/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From David.Konrad.Stutzman at us.army.mil Thu May 21 13:46:39 2009 From: David.Konrad.Stutzman at us.army.mil (Stutzman, David K CTR USA AMC) Date: Thu, 21 May 2009 09:46:39 -0400 Subject: [Pki-devel] (no subject) Message-ID: Sorry for the seemingly rhetorical question... Does the ESC support generation of keys and issuance of certificates onto anything other than the supported "Global Platform" hardware tokens (ie software tokens such as NSS's internal cert DB, PKCS#12 files, Java KeyStores, etc)? The way I understand it, the ESC *only* supports a few types of HW tokens, but I've been asked to get an official yes or no. Thanks, Dave -- David Stutzman Fort Monmouth - Myer Center IA - Tactical Network Protection david.konrad.stutzman @us.army.mil D&S Consultants, Inc. dstutzman @dsci.com Lab: 732-532-8959 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2912 bytes Desc: not available URL: From ckannan at redhat.com Thu May 21 14:14:54 2009 From: ckannan at redhat.com (Chandrasekar Kannan) Date: Thu, 21 May 2009 07:14:54 -0700 Subject: [Pki-devel] (no subject) In-Reply-To: References: Message-ID: <1242915294.12673.6.camel@localhost.localdomain> On Thu, 2009-05-21 at 09:46 -0400, Stutzman, David K CTR USA AMC wrote: > Sorry for the seemingly rhetorical question... > > Does the ESC support generation of keys and issuance of certificates > onto anything other than the supported "Global Platform" hardware > tokens (ie software tokens such as NSS's internal cert DB, PKCS#12 > files, Java KeyStores, etc)? The way I understand it, the ESC *only* > supports a few types of HW tokens, but I've been asked to get an > official yes or no. I'll leave the official statement to come from Jack. But to my knowledge, token management *only* happens via TPS ( no p12, no cert/key generation directly via software at this point ). > > Thanks, > Dave > > -- > David Stutzman > Fort Monmouth - Myer Center > IA - Tactical Network Protection > david.konrad.stutzman @us.army.mil > D&S Consultants, Inc. > dstutzman @dsci.com > Lab: 732-532-8959 > _______________________________________________ > Pki-devel mailing list > Pki-devel at redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Chandrasekar Kannan -- ckannan at redhat.com Quality Engineering -- http://www.redhat.com/identity_management/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jmagne at redhat.com Thu May 21 16:55:57 2009 From: jmagne at redhat.com (John Magne) Date: Thu, 21 May 2009 12:55:57 -0400 (EDT) Subject: [Pki-devel] (no subject) In-Reply-To: <1242915294.12673.6.camel@localhost.localdomain> Message-ID: <1755212715.959821242924957940.JavaMail.root@zmail06.collab.prod.int.phx2.redhat.com> Chandra is correct. As of right now. ESC can only populate the supported tokens with applets and certificates only with the assistance of TPS. Also, ESC only recognizes the tokens that our CoolKey PKCS#11 module recognizes. ----- Original Message ----- From: "Chandrasekar Kannan" To: "David K CTR USA AMC Stutzman" Cc: pki-devel at redhat.com Sent: Thursday, May 21, 2009 7:14:54 AM GMT -08:00 US/Canada Pacific Subject: Re: [Pki-devel] (no subject) On Thu, 2009-05-21 at 09:46 -0400, Stutzman, David K CTR USA AMC wrote: > Sorry for the seemingly rhetorical question... > > Does the ESC support generation of keys and issuance of certificates > onto anything other than the supported "Global Platform" hardware > tokens (ie software tokens such as NSS's internal cert DB, PKCS#12 > files, Java KeyStores, etc)? The way I understand it, the ESC *only* > supports a few types of HW tokens, but I've been asked to get an > official yes or no. I'll leave the official statement to come from Jack. But to my knowledge, token management *only* happens via TPS ( no p12, no cert/key generation directly via software at this point ). > > Thanks, > Dave > > -- > David Stutzman > Fort Monmouth - Myer Center > IA - Tactical Network Protection > david.konrad.stutzman @us.army.mil > D&S Consultants, Inc. > dstutzman @dsci.com > Lab: 732-532-8959 > _______________________________________________ > Pki-devel mailing list > Pki-devel at redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Chandrasekar Kannan -- ckannan at redhat.com Quality Engineering -- http://www.redhat.com/identity_management/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________________________________ Pki-devel mailing list Pki-devel at redhat.com https://www.redhat.com/mailman/listinfo/pki-devel