<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 09/14/2011 01:19 AM, Alexander Jung wrote:
<blockquote
cite="mid:CAMbyn75Lm=AiHAvOFYoPgkgiDtp+kQEw_JZ13XjED+oXL+Yr-w@mail.gmail.com"
type="cite">ok,<br>
<br>
find my howto at <br>
<a moz-do-not-send="true"
href="http://pki.fedoraproject.org/wiki/Fix_clone*.privkey.id_entries_in_CS.cfg_to_reenable_cloning">http://pki.fedoraproject.org/wiki/Fix_clone*.privkey.id_entries_in_CS.cfg_to_reenable_cloning</a><br
clear="all">
<br>
Mit freundlichen Grüßen,<br>
<br>
Alexander Jung<br>
</blockquote>
<br>
Thank you.<br>
<br>
<blockquote
cite="mid:CAMbyn75Lm=AiHAvOFYoPgkgiDtp+kQEw_JZ13XjED+oXL+Yr-w@mail.gmail.com"
type="cite">
<br>
<br>
<div class="gmail_quote">2011/9/13 Andrew Wnuk <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:awnuk@redhat.com">awnuk@redhat.com</a>></span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000"> <tt>Hi </tt>Alexander,<br>
<br>
Would be kind enough to add your solution to Dogtag's "How
Tos"?<br>
<a moz-do-not-send="true"
href="http://pki.fedoraproject.org/wiki/PKI_How_To"
target="_blank">http://pki.fedoraproject.org/wiki/PKI_How_To</a><br>
<br>
Thank you,<br>
Andrew
<div>
<div class="h5"><br>
<br>
<br>
On 09/13/2011 08:39 AM, Alexander Jung wrote: </div>
</div>
<blockquote type="cite">
<div>
<div class="h5">Hello,<br>
<br>
in the meantime i got it working. The problem was the
master CA setup: after instantating the ca the certs
have been replaced by the certs from another instance
- but the entires clone*.<a moz-do-not-send="true"
href="http://privkey.id" target="_blank">privkey.id</a>
had not been updated.<br>
<br>
After recognizing this I only had to match the
(unsigned) output of certutil -K with the (signed)
params in CS.cfg. I did this by inserting some
"System.out.println" into
com.netscape.cmsutil.crypto.CryptoUtil
findPrivateKeyFromID() and patching the new
.class-File into the .jar-file. Watching the
catalina.out while trying to clone the ca gave then
all needed infos.<br>
<br>
Another fresh install after that completed without
problems. <br>
<br clear="all">
Yours,<br>
<br>
Alexander Jung<br>
<br>
</div>
</div>
<pre><fieldset></fieldset>
_______________________________________________
Pki-users mailing list
<div class="im"><a moz-do-not-send="true" href="mailto:Pki-users@redhat.com" target="_blank">Pki-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/pki-users" target="_blank">https://www.redhat.com/mailman/listinfo/pki-users</a>
</div></pre>
</blockquote>
<tt><br>
</tt><br>
</div>
</blockquote>
</div>
<br>
</blockquote>
<br>
</body>
</html>