<html><head></head><body><div class="ydpe70d6282yahoo-style-wrap" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><div style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"></div>
<div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;">Dear <span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;">Dinesh,</span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><br></span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;">I tried the method and still have the problem. I will tell you what i did and can you tell me where did I do wrong.</span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><br></span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;">My root CA has "<span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><i>Maximum number of intermediate CAs: unlimited</i>" and now I am installing the issuing ca (what I use for to issue certificates for clients). For the issuing <i>CA </i><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><i>Maximum number of intermediate</i> CAs want to be <i>Zero</i>. </span></span></span></span></span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><br></span></span></span></span></span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;">I basically follow <span><a href="https://www.dogtagpki.org/wiki/PKI_10.5_Installing_CA_with_External_CA_Signing_Certificate" rel="nofollow" target="_blank">https://www.dogtagpki.org/wiki/PKI_10.5_Installing_CA_with_External_CA_Signing_Certificate</a> steps (send the CSR to root CA and get back the signed certificate) and added </span></span></span></span></span></span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><br></span></span></span></span></span></span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><div><pre class="ydp4cca329screen" style="font-family: Consolas, Monaco, Andale Mono, monospace; margin-top: 0px; margin-bottom: 1.8em; line-height: 1.42857; color: rgb(240, 240, 240); background: rgb(37, 37, 37); border: 1px solid rgb(26, 26, 26); border-radius: 0px; white-space: pre-wrap; text-shadow: none;">policyset.caCertSet.5.default.name=Basic Constraints Extension Default
policyset.caCertSet.5.default.params.basicConstraintsCritical=true
policyset.caCertSet.5.default.params.basicConstraintsIsCA=true
policyset.caCertSet.5.default.params.basicConstraintsPathLen=0</pre></div></span></span></span></span></span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;">lines to both step 1 and step 2 config files and installed the Issuing CA.</span></span></div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><br></span></span></div><div dir="ltr" data-setdir="false" style=""><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;">Then I went to the<i> </i>Issuing CA's <i> "SSL End Users Services" </i>-> "<i>Manual User Dual-Use Certificate </i></span></span><i>Enrollment"</i> and created a certificate. Then I wend to <i>Agent Services</i> and approve that request.</div><div dir="ltr" data-setdir="false" style=""><br></div><div dir="ltr" data-setdir="false" style="">I imported that certificate to browser. But still it shows my issuing CA <span><i style="color: rgb(0, 0, 0); font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;">Maximum number of intermediate CAs: unlimited. </i></span></div><div dir="ltr" data-setdir="false" style=""><span><i style="color: rgb(0, 0, 0); font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><br></i></span></div><div dir="ltr" data-setdir="false" style="">Can you tell me what did I do wrong.</div><div dir="ltr" data-setdir="false" style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><span><span style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><br></span></span></div><div style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;"><br></div>
</div><div id="yahoo_quoted_1670586124" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Friday, May 22, 2020, 11:27:29 PM GMT+5:30, Dinesh Prasanth Moluguwan Krishnamoorthy <dmoluguw@redhat.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="yiv7742330955"><div><div dir="ltr"><div dir="ltr"><div>Nadeera,</div><div><br clear="none"></div><div>(CC'ing pki-devel)</div><div><br clear="none"></div><div>Setting the number of intermediate CAs can be achieved by using "Basic Constraints Extension" [1] and setting the PathLen= to the required value.</div><div><br clear="none"></div><div>You need to set this extension on a CA profile and then issue a CA signing cert. You can't modify this value on an already issued CA cert. Read more on how to add this constraint to a profile here [2]<br clear="none"></div><div><br clear="none"></div><div>[1] <a rel="nofollow" shape="rect" target="_blank" href="https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide_common_criteria_edition/index#Basic_Constraints_Extension_Default">https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide_common_criteria_edition/index#Basic_Constraints_Extension_Default</a></div><div>[2] <a rel="nofollow" shape="rect" target="_blank" href="https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide_common_criteria_edition/index#about-extensions">https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide_common_criteria_edition/index#about-extensions</a></div><div><br clear="none"></div><div>Regards,</div><div>--Dinesh<br clear="none"></div></div><br clear="none"><div class="yiv7742330955yqt3017057127" id="yiv7742330955yqt54981"><div class="yiv7742330955gmail_quote"><div class="yiv7742330955gmail_attr" dir="ltr">On Fri, May 22, 2020 at 8:57 AM Nadeera Galagedara <<a rel="nofollow" shape="rect" ymailto="mailto:nadeeragalagedara@yahoo.com" target="_blank" href="mailto:nadeeragalagedara@yahoo.com">nadeeragalagedara@yahoo.com</a>> wrote:<br clear="none"></div><blockquote class="yiv7742330955gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div dir="ltr"> <div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;">Dear Dinesh,</div><div><br clear="none"></div></div>I want another help from you. How can I change the "<span>Maximum number of intermediate CAs: unlimited" value.</span></div>
</div><div id="yiv7742330955gmail-m_-8245546841587472426yahoo_quoted_0244021294">
<div style="font-family:Helvetica, Arial, sans-serif;font-size:13px;color:rgb(38,40,42);">
<div>
On Friday, May 22, 2020, 10:57:45 AM GMT+5:30, Nadeera Galagedara <<a rel="nofollow" shape="rect" ymailto="mailto:nadeeragalagedara@yahoo.com" target="_blank" href="mailto:nadeeragalagedara@yahoo.com">nadeeragalagedara@yahoo.com</a>> wrote:
</div>
<div><br clear="none"></div>
<div><br clear="none"></div>
<div><div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"></div>
<div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;">Dear <span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;">Dinesh,</span></span></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;"><br clear="none"></span></span></div><div dir="ltr">That is a great explanation. That problem that problem is also solved. Again thank you.</div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><br clear="none"></div>
</div><div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412yqt49147"><div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412yahoo_quoted_1087637813">
<div style="font-family:Helvetica, Arial, sans-serif;font-size:13px;color:rgb(38,40,42);">
<div>
On Wednesday, May 20, 2020, 08:27:56 PM GMT+5:30, Dinesh Prasanth Moluguwan Krishnamoorthy <<a rel="nofollow" shape="rect" ymailto="mailto:dmoluguw@redhat.com" target="_blank" href="mailto:dmoluguw@redhat.com">dmoluguw@redhat.com</a>> wrote:
</div>
<div><br clear="none"></div>
<div><br clear="none"></div>
<div><div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412"><div><div dir="ltr"><div>Hi Nadeera,</div><div><br clear="none"></div><div>I'm glad I could resolve your issues.</div><div><br clear="none"></div><div>As for the friendly/nickname, these names are customizable based on the system you use and are not specified during the certificate issuance.</div><div><br clear="none"></div><div>For instance, when you specified "<span><i>pki_ca_signing_nickname=<span><i>mycompany_nickname"</i></span></i><span> this nickname was used to import the CA system certificate in your PKI server's </span>NSSDB. You can view this by doing `certutil -L -d /etc/pki/pki-tomcat/alias` and you should see the <i>mycompany_nickname</i> listed.</span></div><div><br clear="none"></div><div>I have very limited knowledge of handling certificates in windows. From Googling around: you can try to <i>right-click on the certificate -> Properties -> "general" tab -> Set "Friendly Name"</i>. <br clear="none"></div><div><br clear="none"></div><div>HTH</div><div><br clear="none"></div><div>Regards,</div><div>--Dinesh<br clear="none"></div><div><span><i></i></span></div></div><br clear="none"><div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412yqt59416"><div><div dir="ltr">On Wed, May 20, 2020 at 3:28 AM Nadeera Galagedara <<a rel="nofollow" shape="rect" ymailto="mailto:nadeeragalagedara@yahoo.com" target="_blank" href="mailto:nadeeragalagedara@yahoo.com">nadeeragalagedara@yahoo.com</a>> wrote:<br clear="none"></div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"></div>
<div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;">Dear <span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;">Dinesh,</span></span></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;"><br clear="none"></span></span></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;">Thank you for your support and it is been very helpful. I am using Centos 7 and the version came with it is 10.5. I am using that version. I think I have corrected the country (with c=LK). But I still have a problem with the nickname. </span></span></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;"><br clear="none"></span></span></div><div dir="ltr">I used the <i style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;">pki_ca_signing_nickname=mycompany_nickname</i> line but still the friendly name show on windows PC (I have imported the issued certificate to a windows PC) format like <Common Name>'s <Organisation> ID. My requirement is to show the the Friendly Name (shows as in Windows PC) as "<span><i style="color:rgb(0,0,0);font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;">mycompany_nickname</i><span style="color:rgb(0,0,0);font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"> " </span></span>I have attached a screenshot also. Please tell me what did I do wrong.</div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;"><span><br clear="none"></span></span></span></div><div dir="ltr"><br clear="none"></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;"><span><img title="Inline image" alt="Inline image" src="cid:ePCvY9oltoYWEkLQa0Ea" style="max-width:800px;width:100%;"><br clear="none"><br clear="none"></span></span></span></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span></span><div><div dir="ltr" style="color:rgb(0,0,0);font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><br clear="none"></div><div dir="ltr" style="color:rgb(0,0,0);font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;">The full config is mentioned below</div><div><br clear="none"></div></div><div><br clear="none"></div></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span></span><div><div dir="ltr"><b>Step 1</b></div><div><br clear="none"></div><div><i>[CA]</i></div><div><i>pki_admin_email=<a rel="nofollow" shape="rect" ymailto="mailto:mycompany@abc.lk" target="_blank" href="mailto:mycompany@abc.lk">mycompany@abc.lk</a></i></div><div><i>pki_admin_name=caadmin</i></div><div><i>pki_admin_nickname=caadmin</i></div><div><i>pki_admin_password=Secret.123</i></div><div><i>pki_admin_uid=caadmin</i></div><div><i><br clear="none"></i></div><div><i>pki_client_database_password=Secret.123</i></div><div><i>pki_client_database_purge=False</i></div><div><i>pki_client_pkcs12_password=Secret.123</i></div><div><i><br clear="none"></i></div><div><i>pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lk</i></div><div><i>pki_ds_database=ca2</i></div><div><i>pki_ds_password=Secret.123</i></div><div><i><br clear="none"></i></div><div><i>pki_security_domain_name=mycompany_domain</i></div><div><i>pki_token_password=Secret.123</i></div><div><i><br clear="none"></i></div><div><i>pki_external=True</i></div><div><i>pki_external_step_two=False</i></div><div><i><br clear="none"></i></div><div><i>pki_ca_signing_subject_dn=cn=mycompany_cn,ou=mycompany_ou,o=mycompany_o,c=LK</i></div><div><i>pki_ca_signing_csr_path=ca_signing.csr</i></div><div><i><br clear="none"></i></div><div><i>pki_ca_signing_nickname=mycompany_nickname</i></div><div><br clear="none"></div><div><i>pki_default_ocsp_uri=<a rel="nofollow" shape="rect" target="_blank" href="http://ocsp.mycompany.lk">http://ocsp.mycompany.lk</a></i></div><div><br clear="none"></div><div><br clear="none"></div><div><br clear="none"></div><div dir="ltr"><b>Step 2</b></div><div><br clear="none"></div><div><i>[CA]</i></div><div><i>pki_admin_email=<a rel="nofollow" shape="rect" ymailto="mailto:mycompany@abc.lk" target="_blank" href="mailto:mycompany@abc.lk">mycompany@abc.lk</a></i></div><div><i>pki_admin_name=caadmin</i></div><div><i>pki_admin_nickname=caadmin</i></div><div><i>pki_admin_password=Secret.123</i></div><div><i>pki_admin_uid=caadmin</i></div><div><i><br clear="none"></i></div><div><i>pki_client_database_password=Secret.123</i></div><div><i>pki_client_database_purge=False</i></div><div><i>pki_client_pkcs12_password=Secret.123</i></div><div><i><br clear="none"></i></div><div><i>pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lk</i></div><div><i>pki_ds_database=ca2</i></div><div><i>pki_ds_password=Secret.123</i></div><div><i><br clear="none"></i></div><div><i>pki_security_domain_name=mycompany_domain</i></div><div><i>pki_token_password=Secret.123</i></div><div><i><br clear="none"></i></div><div><i>pki_external=True</i></div><div><i>pki_external_step_two=True</i></div><div><i><br clear="none"></i></div><div><i>pki_ca_signing_csr_path=ca_signing.csr</i></div><div><i>pki_ca_signing_cert_path=ca_signing.crt</i></div><div><i><br clear="none"></i></div><div><i>pki_ca_signing_nickname=mycompany_nickname</i></div><div><i><br clear="none"></i></div><div><i>pki_default_ocsp_uri=<a rel="nofollow" shape="rect" target="_blank" href="http://ocsp.mycompany.lk">http://ocsp.mycompany.lk</a></i></div><div><br clear="none"></div></div><div><br clear="none"></div><div><br clear="none"></div><div><br clear="none"></div><div dir="ltr">Thank you and best regards,</div><div dir="ltr">Nadeera.</div><div dir="ltr"><br clear="none"></div></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;"><br clear="none"></span></span></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;"><br clear="none"></span></span></div><div dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><span><span style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;"><br clear="none"></span></span></div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><br clear="none"></div>
</div><div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412gmail-m_6485029878252713423ydp2cd1c1c2yahoo_quoted_0399287569">
<div style="font-family:Helvetica, Arial, sans-serif;font-size:13px;color:rgb(38,40,42);">
<div>
On Wednesday, May 20, 2020, 03:29:15 AM GMT+5:30, Dinesh Prasanth Moluguwan Krishnamoorthy <<a rel="nofollow" shape="rect" ymailto="mailto:dmoluguw@redhat.com" target="_blank" href="mailto:dmoluguw@redhat.com">dmoluguw@redhat.com</a>> wrote:
</div>
<div><br clear="none"></div>
<div><br clear="none"></div>
<div><div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412gmail-m_6485029878252713423ydp2cd1c1c2yiv8853450738"><div><div dir="ltr"><div dir="ltr"><div>Hi Nadeera,</div><div><br clear="none"></div><div>What version of dogtag PKI are you trying to install? You are referring to PKI 10.5 docs. The latest release is 10.8.3<br clear="none"></div><div><br clear="none"></div><div>If you are using the latest packages, our docs are available in our upstream repo: <a rel="nofollow" shape="rect" target="_blank" href="https://github.com/dogtagpki/pki/tree/v10.8/docs">https://github.com/dogtagpki/pki/tree/v10.8/docs</a></div><div><br clear="none"></div><div>(see inline reply)<br clear="none"></div></div><br clear="none"><div><div dir="ltr">On Tue, May 19, 2020 at 9:22 AM Nadeera Galagedara <<a rel="nofollow" shape="rect" ymailto="mailto:nadeeragalagedara@yahoo.com" target="_blank" href="mailto:nadeeragalagedara@yahoo.com">nadeeragalagedara@yahoo.com</a>> wrote:<br clear="none"></div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div dir="ltr">Dear all,</div><div dir="ltr"><br clear="none"></div><div dir="ltr">I am new to dogtag and I am installing a sub ca using the method described in <span><a rel="nofollow" shape="rect" target="_blank" href="https://www.dogtagpki.org/wiki/PKI_10.5_Installing_CA_with_External_CA_Signing_Certificate">https://www.dogtagpki.org/wiki/PKI_10.5_Installing_CA_with_External_CA_Signing_Certificate</a> . I want to know.</span></div><div dir="ltr"><span><br clear="none"></span></div><div dir="ltr">1) What is the parameter to change the <b>Friendly Name</b></div></div></div></blockquote><div>We do not use "Friendly Name". Instead, we use "nickname"</div><div>To configure the nickname for CA signing certificate use: <code>pki_ca_signing_nickname=</code></div><div><code></code><br clear="none"></div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div dir="ltr"><span>2) <span><span style="color:rgb(0,0,0);font-family:Helvetica, Arial, sans-serif;font-size:16px;">What is the parameter to change the <b>Country/Locality</b></span></span></span></div></div></div></blockquote><div>This is set using subject dn. So, in your case specify the Country using this attribute: <span>pki_ca_signing_subject_dn=</span></div><div> </div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div dir="ltr"><span><span>3) Where (a page link ) I can find details about each of this configuration parameters.</span></span></div></div></div></blockquote><div>I don't have a page that explains all the config parameters. But, I do have a page that can give you a list of parameters that you can use (since you mentioned 10.5, I'm listing the contents of 10.5 branch. Refer to the appropriate branch for an updated list)<br clear="none"></div><div><a rel="nofollow" shape="rect" target="_blank" href="https://github.com/dogtagpki/pki/blob/DOGTAG_10_5_BRANCH/base/server/etc/default.cfg">https://github.com/dogtagpki/pki/blob/DOGTAG_10_5_BRANCH/base/server/etc/default.cfg</a></div><div><br clear="none"></div><div>HTH</div><div><br clear="none"></div><div>Regards,</div><div>--Dinesh<div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412gmail-m_6485029878252713423ydp2cd1c1c2yiv8853450738yqtfd57998"><br clear="none"></div></div><div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412gmail-m_6485029878252713423ydp2cd1c1c2yiv8853450738yqtfd43981"><div> </div></div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div id="yiv7742330955gmail-m_-8245546841587472426yiv2687879412gmail-m_6485029878252713423ydp2cd1c1c2yiv8853450738yqtfd91423"><div dir="ltr"><span><span><br clear="none"></span></span></div><div dir="ltr"><span><span>Thank you.</span></span></div></div><div dir="ltr"><span><br clear="none"></span></div></div></div>_______________________________________________<br clear="none">
Pki-devel mailing list<br clear="none">
<a rel="nofollow" shape="rect" ymailto="mailto:Pki-devel@redhat.com" target="_blank" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></blockquote></div></div></div></div></div>
</div>
</div></div></blockquote></div></div></div></div></div>
</div>
</div></div></div></div></div>
</div>
</div></div></blockquote></div></div></div></div></div></div>
</div>
</div></body></html>