<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<tt>The attached patch addresses the following PKI issue:</tt><tt><br>
</tt>
<ul>
<li><tt>TRAC Ticket #185 - </tt><tt>Dogtag 10: Update PKI
Deployment to handle subordinate CA</tt></li>
</ul>
<tt>The following tests were performed on this code where:</tt><br>
<ul>
<li><b><tt>cadeployment.cfg --&gt; pki-tomcat (standard CA
deployment configuration file with passwords)</tt></b></li>
<li><b><tt>subcadeployment.cfg --&gt; pki-sub-tomcat (simple
Subordinate CA deployment configuration file with
passwords)</tt></b></li>
<li><b><tt>sub-subcadeployment.cfg --&gt; pki-sub-sub-tomcat
("complex" Subordinate Subordinate CA deployment
configuration file with passwords)</tt></b></li>
</ul>
<blockquote><tt># diff cadeployment.cfg subcadeployment.cfg</tt><tt><br>
</tt><tt>109c109</tt><tt><br>
</tt><tt>< pki_ajp_port=8009</tt><tt><br>
</tt><tt>---</tt><tt><br>
</tt><tt>> pki_ajp_port=18009</tt><tt><br>
</tt><tt>119,121c119,121</tt><tt><br>
</tt><tt>< pki_http_port=8080</tt><tt><br>
</tt><tt>< pki_https_port=8443</tt><tt><br>
</tt><tt>< pki_instance_name=pki-tomcat</tt><tt><br>
</tt><tt>---</tt><tt><br>
</tt><tt>> pki_http_port=18080</tt><tt><br>
</tt><tt>> pki_https_port=18443</tt><tt><br>
</tt><tt>> pki_instance_name=pki-sub-tomcat</tt><tt><br>
</tt><tt>125c125</tt><tt><br>
</tt><tt>< pki_tomcat_server_port=8005</tt><tt><br>
</tt><tt>---</tt><tt><br>
</tt><tt>> pki_tomcat_server_port=18005</tt><tt><br>
</tt><tt>162c162</tt><tt><br>
</tt><tt>< pki_subordinate=False</tt><tt><br>
</tt><tt>---</tt><tt><br>
</tt><tt>> pki_subordinate=True</tt><tt><br>
</tt><tt><br>
</tt><tt><br>
</tt><tt><br>
</tt><tt># diff subcadeployment.cfg sub-subcadeployment.cfg</tt><tt><br>
</tt><tt>60c60</tt><tt><br>
</tt><tt>< pki_issuing_ca=</tt><tt><br>
</tt><tt>---</tt><tt><br>
</tt><tt>> pki_issuing_ca=<a class="moz-txt-link-freetext" href="https://server.example.com:18443">https://server.example.com:18443</a></tt><tt><br>
</tt><tt>109c109</tt><tt><br>
</tt><tt>< pki_ajp_port=18009</tt><tt><br>
</tt><tt>---</tt><tt><br>
</tt><tt>> pki_ajp_port=28009</tt><tt><br>
</tt><tt>119,121c119,121</tt><tt><br>
</tt><tt>< pki_http_port=18080</tt><tt><br>
</tt><tt>< pki_https_port=18443</tt><tt><br>
</tt><tt>< pki_instance_name=pki-sub-tomcat</tt><tt><br>
</tt><tt>---</tt><tt><br>
</tt><tt>> pki_http_port=28080</tt><tt><br>
</tt><tt>> pki_https_port=28443</tt><tt><br>
</tt><tt>> pki_instance_name=pki-sub-sub-tomcat</tt><tt><br>
</tt><tt>125c125</tt><tt><br>
</tt><tt>< pki_tomcat_server_port=18005</tt><tt><br>
</tt><tt>---</tt><tt><br>
</tt><tt>> pki_tomcat_server_port=28005</tt><tt><br>
</tt><tt>148c148</tt><tt><br>
</tt><tt>< pki_ca_signing_subject_dn=</tt><tt><br>
</tt><tt>---</tt><tt><br>
</tt><tt>> pki_ca_signing_subject_dn=CN=Sub-SubCA Subsystem
Certificate,O=example.com Security Domain</tt><tt><br>
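Review bot: in the 148c148 change, pki_ca_signing_subject_dn is set to CN=Sub-SubCA Subsystem Certificate, so the sub-sub CA's signing certificate carries a "Subsystem Certificate" name. The pki-sub-sub-tomcat listings further down then show that DN as the issuer of Server-Cert, ocspSigningCert and auditSigningCert, while the instance's own subsystemCert has a different subject. A CN such as "Sub-SubCA Signing Certificate" would keep the test output unambiguous; if the name is deliberate, a line saying so would help.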
</tt><tt><br>
</tt><tt><br>
<br>
</tt><tt><b>pki-tomcat:<br>
<br>
</b></tt><tt># cd /var/lib/pki/pki-tomcat/alias</tt><tt><br>
</tt><tt># certutil -d . -L</tt><tt><br>
</tt><tt><br>
</tt><tt>Certificate
Nickname Trust
Attributes</tt><tt><br>
</tt><tt>
SSL,S/MIME,JAR/XPI</tt><tt><br>
</tt><tt><br>
</tt><tt>caSigningCert cert-pki-tomcat
CA CTu,Cu,Cu</tt><tt><br>
</tt><tt>Server-Cert
cert-pki-tomcat u,u,u</tt><tt><br>
</tt><tt>auditSigningCert cert-pki-tomcat
CA u,u,Pu</tt><tt><br>
</tt><tt>ocspSigningCert cert-pki-tomcat
CA u,u,u</tt><tt><br>
</tt><tt>subsystemCert cert-pki-tomcat
CA u,u,u</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "caSigningCert cert-pki-tomcat CA"
| more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=CA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=CA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "subsystemCert cert-pki-tomcat CA"
| more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=CA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=CA Subsystem Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "Server-Cert cert-pki-tomcat" |
more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=CA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=server.example.com,O=example.com Security
Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "ocspSigningCert cert-pki-tomcat
CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=CA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=CA OCSP Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "auditSigningCert cert-pki-tomcat
CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=CA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=CA Audit Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><br>
<table border="0" cellpadding="2" cellspacing="2" width="100%">
<tbody>
<tr style="font-weight: bold" bgcolor="#e5e5e5">
<td>Serial number</td>
<td>Status</td>
<td>Subject name</td>
</tr>
<tr>
<td width="18%">0x1</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x1">CN=CA Signing Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x2</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x2">CN=CA OCSP Signing Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x3</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x3">CN=server.example.com,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x4</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x4">CN=CA Subsystem Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x5</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x5">CN=CA Audit Signing Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x6</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x6">CN=CA Administrator of Instance pki-tomcat,UID=caadmin,E=caadmin@example.com,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x7</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x7">CN=SubCA Signing Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x8</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x8">CN=SubCA Subsystem Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x9</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x9">CN=SubCA Subsystem Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0xa</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:8443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0xa">UID=test CA</a></td>
</tr>
</tbody>
</table>
<tt><br>
<br>
<br>
</tt><tt><b>pki-sub-tomcat:</b><b><br>
</b><br>
</tt><tt># cd /var/lib/pki/pki-sub-tomcat/alias</tt><tt><br>
</tt><tt># certutil -d . -L</tt><tt><br>
</tt><tt>Certificate
Nickname Trust
Attributes</tt><tt><br>
</tt><tt>
SSL,S/MIME,JAR/XPI</tt><tt><br>
</tt><tt><br>
</tt><tt>CA Signing Certificate - example.com Security
Domain CT,c,</tt><tt><br>
</tt><tt>caSigningCert cert-pki-sub-tomcat
CA CTu,Cu,Cu</tt><tt><br>
</tt><tt>ocspSigningCert cert-pki-sub-tomcat
CA u,u,u</tt><tt><br>
</tt><tt>auditSigningCert cert-pki-sub-tomcat
CA u,u,Pu</tt><tt><br>
</tt><tt>Server-Cert
cert-pki-sub-tomcat u,u,u</tt><tt><br>
</tt><tt>subsystemCert cert-pki-sub-tomcat
CA u,u,u</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d. -L -n "caSigningCert cert-pki-sub-tomcat
CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=CA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=SubCA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d. -L -n "subsystemCert cert-pki-sub-tomcat
CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=CA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=SubCA Subsystem Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d. -L -n "Server-Cert cert-pki-sub-tomcat" |
more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=SubCA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=server.example.com,O=example.com Security
Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d. -L -n "ocspSigningCert cert-pki-sub-tomcat
CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=SubCA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=SubCA OCSP Signing
Certificate,O=example.com Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d. -L -n "auditSigningCert
cert-pki-sub-tomcat CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=SubCA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=SubCA Audit Signing
Certificate,O=example.com Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><br>
<table border="0" cellpadding="2" cellspacing="2" width="100%">
<tbody>
<tr style="font-weight: bold" bgcolor="#e5e5e5">
<td>Serial number</td>
<td>Status</td>
<td>Subject name</td>
</tr>
<tr>
<td width="18%">0x1</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:18443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x1">CN=SubCA OCSP Signing Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x2</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:18443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x2">CN=server.example.com,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x3</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:18443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x3">CN=SubCA Audit Signing Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x4</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:18443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x4">CN=CA Administrator of Instance pki-sub-tomcat,UID=caadmin,E=caadmin@example.com,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x5</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:18443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x5">CN=Sub-SubCA Subsystem Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x6</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:18443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x6">UID=test SUBCA</a></td>
</tr>
</tbody>
</table>
<tt><br>
<br>
<br>
</tt><tt><b>pki-sub-sub-tomcat:</b><b><br>
</b><br>
</tt><tt># cd /var/lib/pki/pki-sub-sub-tomcat/alias</tt><tt><br>
</tt><tt># certutil -d . -L</tt><tt><br>
</tt><tt>Certificate
Nickname Trust
Attributes</tt><tt><br>
</tt><tt>
SSL,S/MIME,JAR/XPI</tt><tt><br>
</tt><tt><br>
</tt><tt>CA Signing Certificate - example.com Security
Domain CT,c,</tt><tt><br>
</tt><tt>SubCA Signing Certificate - example.com Security
Domain c,c, </tt><tt><br>
</tt><tt>caSigningCert cert-pki-sub-sub-tomcat
CA CTu,Cu,Cu</tt><tt><br>
</tt><tt>Server-Cert
cert-pki-sub-sub-tomcat u,u,u</tt><tt><br>
</tt><tt>subsystemCert cert-pki-sub-sub-tomcat
CA u,u,u</tt><tt><br>
</tt><tt>ocspSigningCert cert-pki-sub-sub-tomcat
CA u,u,u</tt><tt><br>
</tt><tt>auditSigningCert cert-pki-sub-sub-tomcat
CA u,u,Pu</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "caSigningCert
cert-pki-sub-sub-tomcat CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=SubCA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=Sub-SubCA Subsystem
Certificate,O=example.com Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "subsystemCert
cert-pki-sub-sub-tomcat CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=CA Signing Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=SubCA Subsystem Certificate,O=example.com
Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "Server-Cert
cert-pki-sub-sub-tomcat" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=Sub-SubCA Subsystem
Certificate,O=example.com Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=server.example.com,O=example.com Security
Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "ocspSigningCert
cert-pki-sub-sub-tomcat CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=Sub-SubCA Subsystem
Certificate,O=example.com Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=SubCA OCSP Signing
Certificate,O=example.com Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt><br>
</tt><tt># certutil -d . -L -n "auditSigningCert
cert-pki-sub-sub-tomcat CA" | more</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Issuer: "CN=Sub-SubCA Subsystem
Certificate,O=example.com Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><tt> Subject: "CN=SubCA Audit Signing
Certificate,O=example.com Security Domain"</tt><tt><br>
</tt><tt> . . .</tt><tt><br>
</tt><br>
<table border="0" cellpadding="2" cellspacing="2" width="100%">
<tbody>
<tr style="font-weight: bold" bgcolor="#e5e5e5">
<td>Serial number</td>
<td>Status</td>
<td>Subject name</td>
</tr>
<tr>
<td width="18%">0x1</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:28443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x1">CN=SubCA OCSP Signing Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x2</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:28443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x2">CN=server.example.com,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x3</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:28443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x3">CN=SubCA Audit Signing Certificate,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x4</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:28443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x4">CN=CA Administrator of Instance pki-sub-sub-tomcat,UID=caadmin,E=caadmin@example.com,O=example.com Security Domain</a></td>
</tr>
<tr>
<td width="18%">0x5</td>
<td width="16%">valid</td>
<td><a href="https://dogtag18.usersys.redhat.com:28443/ca/agent/ca/displayBySerial?op=displayBySerial&amp;serialNumber=0x5">UID=test SUB-SUBCA</a></td>
</tr>
</tbody>
</table>
<br>
<br>
</blockquote>
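<p><tt>Added example, not part of the original message or of the Dogtag code: a small checker that reads certutil output of the kind shown above and follows the Issuer and Subject names from a certificate up to the self-signed root. The function names parse_transcript and issuer_chain are hypothetical, the sample transcript is constructed from the Issuer/Subject lines in this message, and the check compares DN strings only (it does not verify signatures).</tt></p>
<pre>
```python
import re

# Constructed sample: Issuer/Subject pairs copied from the certutil output in
# the message above, one stanza per "certutil -d . -L -n" call.
TRANSCRIPT = '''
# certutil -d . -L -n "caSigningCert cert-pki-tomcat CA" | more
    Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
    Subject: "CN=CA Signing Certificate,O=example.com Security Domain"
# certutil -d . -L -n "caSigningCert cert-pki-sub-tomcat CA" | more
    Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
    Subject: "CN=SubCA Signing Certificate,O=example.com Security Domain"
# certutil -d . -L -n "caSigningCert cert-pki-sub-sub-tomcat CA" | more
    Issuer: "CN=SubCA Signing Certificate,O=example.com Security Domain"
    Subject: "CN=Sub-SubCA Subsystem Certificate,O=example.com Security Domain"
# certutil -d . -L -n "Server-Cert cert-pki-sub-sub-tomcat" | more
    Issuer: "CN=Sub-SubCA Subsystem Certificate,O=example.com Security Domain"
    Subject: "CN=server.example.com,O=example.com Security Domain"
'''

NICK_RE = re.compile(r'^#\s*certutil\b.*?-n\s+"([^"]+)"')
FIELD_RE = re.compile(r'^\s*(Issuer|Subject):\s+"([^"]+)"')


def parse_transcript(text):
    """Return one dict (nickname, issuer, subject) per certutil stanza."""
    certs = []
    current = None
    for line in text.splitlines():
        m = NICK_RE.match(line)
        if m:
            current = {"nickname": m.group(1), "issuer": None, "subject": None}
            certs.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return certs


def issuer_chain(certs, nickname):
    """List subject DNs from the named cert up to the self-signed root.

    Only caSigningCert entries are accepted as issuers, because end-entity
    subjects such as CN=server.example.com repeat across instances.
    Raises ValueError if an issuer is missing from the transcript or the
    names loop back on themselves.
    """
    by_nick = {c["nickname"]: c for c in certs}
    cas = {c["subject"]: c for c in certs
           if c["nickname"].startswith("caSigningCert")}
    cert = by_nick[nickname]
    chain = [cert["subject"]]
    while cert["issuer"] != cert["subject"]:
        parent = cas.get(cert["issuer"])
        if parent is None:
            raise ValueError("issuer not in transcript: %r" % (cert["issuer"],))
        if parent["subject"] in chain:
            raise ValueError("issuer loop at: %r" % (parent["subject"],))
        chain.append(parent["subject"])
        cert = parent
    return chain


if __name__ == "__main__":
    parsed = parse_transcript(TRANSCRIPT)
    for c in parsed:
        print(c["nickname"])
        for depth, dn in enumerate(issuer_chain(parsed, c["nickname"])):
            print("  " * (depth + 1) + dn)
```
</pre>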
</body>
</html>