<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    On 09/14/2011 01:19 AM, Alexander Jung wrote:
    <blockquote
cite="mid:CAMbyn75Lm=AiHAvOFYoPgkgiDtp+kQEw_JZ13XjED+oXL+Yr-w@mail.gmail.com"
      type="cite">ok,<br>
      <br>
      find my howto at <br>
      <a moz-do-not-send="true"
href="http://pki.fedoraproject.org/wiki/Fix_clone*.privkey.id_entries_in_CS.cfg_to_reenable_cloning">http://pki.fedoraproject.org/wiki/Fix_clone*.privkey.id_entries_in_CS.cfg_to_reenable_cloning</a><br
        clear="all">
      <br>
      Mit freundlichen Grüßen,<br>
      <br>
      Alexander Jung<br>
    </blockquote>
    <br>
    Thank you.<br>
    <br>
    <blockquote
cite="mid:CAMbyn75Lm=AiHAvOFYoPgkgiDtp+kQEw_JZ13XjED+oXL+Yr-w@mail.gmail.com"
      type="cite">
      <br>
      <br>
      <div class="gmail_quote">2011/9/13 Andrew Wnuk <span dir="ltr"><<a
            moz-do-not-send="true" href="mailto:awnuk@redhat.com">awnuk@redhat.com</a>></span><br>
        <blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
          0.8ex; border-left: 1px solid rgb(204, 204, 204);
          padding-left: 1ex;">
          <div bgcolor="#ffffff" text="#000000"> <tt>Hi </tt>Alexander,<br>
            <br>
            Would be kind enough to add your solution to Dogtag's "How
            Tos"?<br>
            <a moz-do-not-send="true"
              href="http://pki.fedoraproject.org/wiki/PKI_How_To"
              target="_blank">http://pki.fedoraproject.org/wiki/PKI_How_To</a><br>
            <br>
            Thank you,<br>
            Andrew
            <div>
              <div class="h5"><br>
                <br>
                <br>
                On 09/13/2011 08:39 AM, Alexander Jung wrote: </div>
            </div>
            <blockquote type="cite">
              <div>
                <div class="h5">Hello,<br>
                  <br>
                  in the meantime i got it working. The problem was the
                  master CA setup: after instantating the ca the certs
                  have been replaced by the certs from another instance
                  - but the entires clone*.<a moz-do-not-send="true"
                    href="http://privkey.id" target="_blank">privkey.id</a>
                  had not been updated.<br>
                  <br>
                  After recognizing this I only had to match the
                  (unsigned) output of certutil -K with the (signed)
                  params in CS.cfg. I did this by inserting some
                  "System.out.println" into
                  com.netscape.cmsutil.crypto.CryptoUtil 
                  findPrivateKeyFromID() and patching the new
                  .class-File into the .jar-file. Watching the
                  catalina.out while trying to clone the ca gave then
                  all needed infos.<br>
                  <br>
                  Another fresh install after that completed without
                  problems. <br>
                  <br clear="all">
                  Yours,<br>
                  <br>
                  Alexander Jung<br>
                  <br>
                </div>
              </div>
              <pre><fieldset></fieldset>
_______________________________________________
Pki-users mailing list
<div class="im"><a moz-do-not-send="true" href="mailto:Pki-users@redhat.com" target="_blank">Pki-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/pki-users" target="_blank">https://www.redhat.com/mailman/listinfo/pki-users</a>
</div></pre>
            </blockquote>
            <tt><br>
            </tt><br>
          </div>
        </blockquote>
      </div>
      <br>
    </blockquote>
    <br>
  </body>
</html>