<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Courier New \;color\:\#1F497D";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Courier New \;color\:windowtext";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Courier New \;color\:\#7F7F7F";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Courier New \;color\:\#CC292B";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Courier New \;color\:\#636B70";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New","serif";
color:black;}
tt
{mso-style-priority:99;
font-family:"Courier New","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
p.style5, li.style5, div.style5
{mso-style-name:style5;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.style9
{mso-style-name:style9;}
span.style11
{mso-style-name:style11;}
span.style14
{mso-style-name:style14;}
span.style12
{mso-style-name:style12;}
span.style7
{mso-style-name:style7;}
span.style1
{mso-style-name:style1;}
span.EmailStyle32
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle33
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle34
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle35
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:96104380;
mso-list-template-ids:1359626028;}
@list l0:level1
{mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1
{mso-list-id:344981728;
mso-list-template-ids:-2143551152;}
@list l1:level1
{mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level2
{mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2
{mso-list-id:360086525;
mso-list-type:hybrid;
mso-list-template-ids:2105463840 134807569 134807577 134807579 134807567 134807577 134807579 134807567 134807577 134807579;}
@list l2:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level2
{mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3
{mso-list-id:637300347;
mso-list-template-ids:-2053440756;}
@list l4
{mso-list-id:706032007;
mso-list-template-ids:-1439511382;}
@list l4:level1
{mso-level-start-at:5;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l5
{mso-list-id:2130390717;
mso-list-template-ids:-1948753546;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Andrew,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks for that, it’s been a while before I’ve been able to try the steps in <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/renewing-subsystem-certificates.html#renewing-certificates-using-certutil">https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/renewing-subsystem-certificates.html#renewing-certificates-using-certutil</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Below are the results of those steps.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Step 3 resulted in:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -K -d .<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>Enter Password or Pin for "NSS Certificate DB":<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>< 0> rsa 422b5af15b44ea69130671f9eea3c047c0ad0080 (orphan)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>< 1> rsa 7ee73faba7c4f1a027f5b309d9175089a8a6f084 Server-Cert cert-pki-ca<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>< 2> rsa 7bfe57e8f1adbe5d00f945be6cb167ce905dac3f ocspSigningCert cert-pki-ca<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>< 3> rsa 78b0a760918b4a9ec312cc75408a23e551dbd615 caSigningCert cert-pki-ca<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>< 4> rsa 99c4c03f6dd0bd4c90933b62c4b023d942f79d9e subsystemCert cert-pki-ca<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>< 5> rsa 9b839620f5d6802fb4c938fe6f06bcc9a1de8a85 auditSigningCert cert-pki-ca<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><pre style='margin-bottom:12.0pt;mso-line-height-alt:10.35pt;background:whitesmoke;vertical-align:baseline'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></pre><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Step 4 resulted in:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#cp -r /var/lib/pki-ca/alias /tmp/alias/<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#cd /tmp/alias/<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -D -n "Server-Cert cert-pki-ca" -d .<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -D -n "ocspSigningCert cert-pki-ca" -d .<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -D -n "caSigningCert cert-pki-ca" -d .<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -D -n "subsystemCert cert-pki-ca" -d .<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -D -n "auditSigningCert cert-pki-ca" -d .<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Step 5 resulted in:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "NSS Certificate DB:cert-pki-ca" -s "<snip>" -a -o <snip>.req2.txt<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>certutil: NSS Certificate DB:cert-pki-ca is neither a key-type nor a nickname: security library: bad database.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "NSS Certificate DB:cert-pki-ca" -s "CN=OCSP Signing Certificate,<snip>" -a -o OCSP.req2.txt<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>certutil: NSS Certificate DB:cert-pki-ca is neither a key-type nor a nickname: security library: bad database.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "NSS Certificate DB:cert-pki-ca" -s "CN=<snip>" -a -o <snip>.req2.txt<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>certutil: NSS Certificate DB:cert-pki-ca is neither a key-type nor a nickname: security library: bad database.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "NSS Certificate DB:cert-pki-ca" -s "CN=CA Subsystem Certificate,<snip>" -a -o CASub.req2.txt<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>certutil: NSS Certificate DB:cert-pki-ca is neither a key-type nor a nickname: security library: bad database.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "NSS Certificate DB:cert-pki-ca" -s "CN=CA Audit Signing Certificate,<snip>" -a -o CAAudit.req2.txt<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>certutil: NSS Certificate DB:cert-pki-ca is neither a key-type nor a nickname: security library: bad database.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I also tried the blow for the key-type or nickname and got the equivalent results:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "caSigningCert cert-pki-ca" ...etc<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "ocspSigningCert cert-pki-ca" ...etc<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "Server-Cert cert-pki-ca" ...etc<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "subsystemCert cert-pki-ca" ...etc<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New","serif";color:#1F497D'>#certutil -d . -R -k "auditSigningCert cert-pki-ca" ...etc<o:p></o:p></span></p><pre style='margin-bottom:12.0pt;mso-line-height-alt:10.35pt;background:whitesmoke;vertical-align:baseline'><span style='font-size:11.0pt'><o:p> </o:p></span></pre><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Please could you help me with these errors.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thank you.<o:p></o:p></span></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:blue'> <o:p></o:p></span></b></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#E01F25'>Richard Thomas</span></b><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#5F5F5F'><br>Senior Network Engineer</span> <span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#E01F25'><br><br>direct</span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#5F5F5F'> +44 (0)1252 644 265</span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#E01F25'><br>switchboard</span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#5F5F5F'> +44 (0)1252 776755</span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#E01F25'><br>email </span><a href="mailto:firstname.lastname@the-logic-group.com" target="_blank" title="blocked::mailto:firstname.lastname@the-logic-group.com"><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#5F5F5F'>richard.thomas@the-logic-group.com</span></a><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Andrew Wnuk [mailto:awnuk@redhat.com] <br><b>Sent:</b> 18 October 2013 18:27<br><b>To:</b> Richard Thomas<br><b>Cc:</b> pki-users@redhat.com<br><b>Subject:</b> Re: [Pki-users] CA Administrator of Instance pki-ca<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On 10/17/2013 08:36 AM, Richard Thomas wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Andrew,</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks for that, I’ve been using certutil on a set of files that I have copied from /var/lib/pki-ca/alias/ to /tmp/alias/ so that I can practice on non live certificate database files.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Here is what I have done whilst in the /tmp/alias/ directory:</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>$certutil -d . -L</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>Certificate Nickname Trust Attributes</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> SSL,S/MIME,JAR/XPI</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>ocspSigningCert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>subsystemCert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>caSigningCert cert-pki-ca CTu,Cu,Cu</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>Server-Cert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>auditSigningCert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>$certutil -d . -A -n 'ocspSigningCert cert-pki-ca' -t 'u,u,u' -a -i '/tmp/OCSP Signing Certificate-2013-2014.pem'</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>$certutil -d . -A -n 'subsystemCert cert-pki-ca' -t 'u,u,u' -a -i '/tmp/CA Subsystem Certificate-2013-2014.pem'</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>$certutil -d . -A -n 'caSigningCert cert-pki-ca' -t 'CTu,Cu,Cu' -a -i '/tmp/OCSP Signing Certificate-2013-2014.pem'</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>$certutil -d . -A -n 'Server-Cert cert-pki-ca' -t 'u,u,u' -a -i '/tmp/<primary server>-2013-2014.pem'</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>$certutil -d . -A -n 'auditSigningCert cert-pki-ca' -t 'u,u,u' -a -i '/tmp/CA Audit Signing Certificate-2013-2014.pem'</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>$certutil -d . -L</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>Certificate Nickname Trust Attributes</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> SSL,S/MIME,JAR/XPI</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>ocspSigningCert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>subsystemCert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>subsystemCert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>ocspSigningCert cert-pki-ca CTu,Cu,Cu</span><o:p></o:p></p></blockquote><p class=MsoNormal>OCSP trust bits should stay as "u,u,u"<br><br><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>caSigningCert cert-pki-ca CTu,Cu,Cu</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>Server-Cert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>auditSigningCert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>Server-Cert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'>auditSigningCert cert-pki-ca u,u,u</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I have a few queries about what I have done….</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New ;color:#1F497D","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l2 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>1)<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The old and new certificates are in the database store, so how does DogTag know when to use the old and new certificates? </span><o:p></o:p></p><p class=MsoNormal><br>Dogtag requests certificates by nickname. NSS library is providing the best choice based on nickname provided by Dogtag.<br>To avoid any potential problem, you may choose to remove old certificates before importing the new certificates as suggested in the following documentation:<br> <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/renewing-subsystem-certificates.html#renewing-certificates-using-certutil">https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/renewing-subsystem-certificates.html#renewing-certificates-using-certutil</a><br><br><br><o:p></o:p></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l2 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>2)<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>E.G. Would I also have to update each ca.<cert type>.cert= parameter of /etc/pki-ca/CS.cfg with the new b64-encoded certificate? E.G. ca.audit_signing.cert=, ca.ocsp_signing.cert= etc.</span><o:p></o:p></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l2 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>3)<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I notice the following differences between original and new CA Audit Signing Certificates (may be on the others, but haven’t looked yet). Is this anything to worry about?</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Original:</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Identifier: Authority Key Identifier - 2.5.29.35</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Critical: no </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Key Identifier: </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> <snip></span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Identifier: Key Usage: - 2.5.29.15</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Critical: yes </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Key Usage: </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Digital Signature </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Non Repudiation </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Critical: no </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Access Description: </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Method #0: ocsp</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Location #0: URIName: <a href="http://">http://</a><primary server name>:9180/ca/ocsp</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Identifier: Extended Key Usage: - 2.5.29.37</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Critical: no </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Extended Key Usage: </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> 1.3.6.1.5.5.7.3.4</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>New cert that I generated:</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Extensions: </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Identifier: Authority Key Identifier - 2.5.29.35</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Critical: no </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Key Identifier: </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> 77:2E:A7:DA:1D:1C:AF:3A:2A:5C:09:02:80:B8:DD:31:</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> 28:05:51:9A</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Identifier: Subject Key Identifier - 2.5.29.14</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Critical: no </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Key Identifier: </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> B9:B9:F0:09:0C:A2:F3:E4:A2:D3:F6:B9:63:6B:EA:2C:</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> 96:52:22:55</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Identifier: Key Usage: - 2.5.29.15</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Critical: yes </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Key Usage: </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Digital Signature </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Non Repudiation</span><o:p></o:p></p><p class=MsoNormal><br>Key usage is the same so it should work as this is just auditing certificate.<br><br><br><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks again,</span><o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:blue'> </span></b><o:p></o:p></p><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#E01F25'>Richard Thomas</span></b><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#5F5F5F'><br>Senior Network Engineer</span> <span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#E01F25'><br><br>direct</span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#5F5F5F'> +44 (0)1252 644 265</span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#E01F25'><br>switchboard</span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#5F5F5F'> +44 (0)1252 776755</span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#E01F25'><br>email </span><a href="mailto:firstname.lastname@the-logic-group.com" target="_blank" title="blocked::mailto:firstname.lastname@the-logic-group.com"><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#5F5F5F'>richard.thomas@the-logic-group.com</span></a><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Andrew Wnuk [<a href="mailto:awnuk@redhat.com">mailto:awnuk@redhat.com</a>] <br><b>Sent:</b> 17 October 2013 01:43<br><b>To:</b> Richard Thomas<br><b>Cc:</b> <a href="mailto:pki-users@redhat.com">pki-users@redhat.com</a><br><b>Subject:</b> Re: [Pki-users] CA Administrator of Instance pki-ca</span><o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><div><p class=MsoNormal><tt><span style='font-size:10.0pt'>On 10/16/2013 06:31 AM, Richard Thomas wrote:</span></tt><o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Hi Andrew,</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Thanks for your email, I got past that issue once I made some edits to some .cfg files in /var/lib/pki-ca/profiles/ca/ (shown at the bottom of this email).</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>That meant I could get as far as "Install a certificate" and I got a choice of the following when doing so:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Certificate Manager CA Signing Certificate(s)</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) OCSP Signing Certificate(s)</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) SSL Server Certificate(s)</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Cross-signed Certificate(s)</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Other Certificate(s)</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Please could you let me know which of the above option I should select.</span></tt><o:p></o:p></p></blockquote><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br><tt>The first 3 options should work for your CA but you are missing entries for subsytem and audit certificates.</tt><br><br><tt>You may import certificates manually using certutil.</tt><br><tt>For this you need to</tt></span><o:p></o:p></p><ol start=1 type=1><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo5'><tt><span style='font-size:10.0pt'>stop your CA</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo5'><tt><span style='font-size:10.0pt'>change directory to /var/lib/pki-ca/alias/</span></tt><o:p></o:p></li></ol><pre style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l1 level1 lfo5'><![if !supportLists]><span style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><tt>check current content of CA's NSS-DB by running</tt><o:p></o:p></pre><pre style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l1 level1 lfo5'><![if !supportLists]><span style='mso-list:Ignore'>4.<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><tt>certutil -d . -L</tt><o:p></o:p></pre><ol start=5 type=1><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo5'><tt><span style='font-size:10.0pt'>import certificates using identical trust bits and nicknames </span></tt><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br></span><tt><span style='font-size:10.0pt'>certutil -d . -A -n '<nickname>' -t '<trust>' -a -i '<file including b64-encoded certificate>'</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo5'><tt><span style='font-size:10.0pt'>start your CA</span></tt><o:p></o:p></li></ol><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br><tt>If you need to alter nicknames, please reflect this in CS.cfg file.</tt><br><br><br><br></span><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Thank you.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Richard.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Here’s what I did to be able to "Renew certificate to be manually approved by agents".</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Edit file /var/lib/pki-ca/profiles/ca/caServerCert.cfg</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Change:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>visible=false</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>enable=false</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>To:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>visible=true</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>enable=true</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Edit file /var/lib/pki-ca/profiles/ca/caOCSPCert.cfg</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Change:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>visible=false</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>enable=false</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>To:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>visible=true</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>enable=true</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Edit file /var/lib/pki-ca/profiles/ca/caSignedLogCert.cfg</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Change:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>visible=false</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>enable=false</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>To:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>visible=true</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>enable=true</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><br>visible=true makes enrollment visible on enrollment list page<br>enable=true enables specific enrollment profile<br><br>Both changes are fine.<br><br><br><br><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>service pki-cad restart</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><tt><b><span lang=EN-US style='font-size:10.0pt;color:windowtext'>From:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt;color:windowtext'> Andrew Wnuk [<a href="mailto:awnuk@redhat.com">mailto:awnuk@redhat.com</a>] </span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>Sent:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> 15 October 2013 17:41</span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>To:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> Richard Thomas</span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>Cc:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> <a href="mailto:pki-users@redhat.com">pki-users@redhat.com</a></span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>Subject:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> Re: [Pki-users] CA Administrator of Instance pki-ca</span></tt><o:p></o:p></p></div></div><p class=MsoNormal><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><div><p class=MsoNormal><tt><span style='font-size:10.0pt'>On 10/15/2013 02:35 AM, Richard Thomas wrote:</span></tt><o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Hi Andrew,</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Thanks again for getting back to me.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Unfortunately, I didn’t get very far.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>I’ve shown below what I have done and what it resulted in:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>o) Go to the <server>:9443/ca/agent/ca URL and list the certificates stored in Dogtag.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>o) Make a note of of the Certificate Serial Numbers of the following certificates and change the hex value into decimal:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>CN=OCSP Signing Certificate E.G. 2</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>CN=<primary server> E.G. 3</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>CN=CA Subsystem Certificate E.G. 4</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>CN=CA Audit Signing Certificate E.G. 5</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>CN=<secondary server> E.G. 268369921</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>o) Go to the <server>:9444/ca/ee/ca URL</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>o) Click on "Renewal: Renew certificate to be manually approved by agents"</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>o) Submit each of the Certificate Serial Numbers noted above and make a note of the request ID</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>For each Certificate Serial Number listed above that I submit, I get the following:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:9.0pt;color:#1F497D'>Sorry, your request is not submitted. The reason is "Profile caServerCert Not Found".</span></tt><o:p></o:p></p></blockquote><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br><br><tt>Check if caServerCert.cfg is listed under /var/lib/pki-ca/profiles/ca and then check if /var/lib/pki-ca/conf/CS.cfg includes</tt></span><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:10.0pt'>profile.list= . . . ,caServerCert, . . .</span></tt><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br><tt>. . .</tt><br><tt>profile.caServerCert.class_id=caEnrollImpl</tt><br><tt>profile.caServerCert.config=/var/lib/pki-ca/profiles/ca/caServerCert.cfg</tt><br><tt>. . .</tt></span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br><br><br><br></span><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Please could you help me further.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Many thanks.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Richard.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><tt><b><span lang=EN-US style='font-size:10.0pt;color:windowtext'>From:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt;color:windowtext'> Andrew Wnuk [<a href="mailto:awnuk@redhat.com">mailto:awnuk@redhat.com</a>] </span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>Sent:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> 12 October 2013 00:47</span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>To:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> Richard Thomas</span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>Cc:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> <a href="mailto:pki-users@redhat.com">pki-users@redhat.com</a></span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>Subject:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> Re: [Pki-users] CA Administrator of Instance pki-ca</span></tt><o:p></o:p></p></div></div><p class=MsoNormal><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><div><p class=MsoNormal><tt><span style='font-size:10.0pt'>On 10/11/2013 07:04 AM, Richard Thomas wrote:</span></tt><o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Hi Andrew,</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Thanks for those tips, I had some success, then difficulty and then success.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Below is what I did, with some of my comments inline.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Before I get to that though, there are some other certificates that are due to run out soon, but I think they should be easier to renew.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>The Common Name of those other certificates are:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) CN=OCSP Signing Certificate</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) CN=<servername></span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) CN=CA Subsystem Certificate</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) CN=CA Audit Signing Certificate</span></tt><o:p></o:p></p></blockquote><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br><tt>As I noticed below, that your server provides option to "Renew certificate to be manually approved by agents".</tt><br><tt>You should used this option for all your renewals.</tt><br><br><tt>Then start pkiconsole go to "System Keys and Certificates", select "Local Certificates", click on "Add/Renew", "Next" and "Install a certificate"</tt><br><br><br><br><br><br></span><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Please could you help me and let me know what steps I should take for renewing these too.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Thank you.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Anyway, back to what I did to get the admin certificate updated.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Your steps are still numbered, the ones that I did around them are identified with o)</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Here goes:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Edit /var/lib/pki-ca/profiles/ca/caUserCert.cfg</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>Change:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>visible=false</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>enable=false</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>To:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>visible=true</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>enable=true</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Restart service "pki-cad"</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>1. Go to EE interface (typically <a href="https://">https://</a><hostname>:9444/ca/ee/ca/) and select "Manual User Dual-Use Certificate Enrollment"</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>2. Fill out the form and submit request</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>3. Go to Agent interface (typically <a href="https://">https://</a><hostname>:9443/ca/agent/ca/) and approve submitted request</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>4. Return to EE interface, select "Retrieval" tab and "Check Request Status".</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>5. Type in request number and press submit.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>6. Click on issued certificate serial number.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>>I did "List Certificates", went to the last page and found the certificate that way</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>7. Go to the end of page displaying certificate and press "Import Your Certificate"</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>>I got "The server returned an invalid client certificate. Error 207 (net::ERR_CERT_INVALID)"</span></tt><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br><tt>This probably means that browser which generated certificate request (and the key) is not the same browser used to import certificate.</tt><br><br><br><br><br><br></span><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>> So having got stuck at this point, I figured I could use what I had done before and then use your pkiconsole instructions.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>> The below is end-to-end from what I started off on my own and then across to the second half of your instructions.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Go to the <server>:9444/ca/ee/ca URL</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Click on "Renewal: Renew certificate to be manually approved by agents" (make a note of the number)</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Go to the <server>:9443/ca/agent/ca URL to approve my request. (Use the number above)</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Go to the <server>:9444/ca/ee/ca URL to retrieve the certificate. (Use the number above) and click on the Issued certificate</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Extract the Base 64 encoded part of the certificate and save as <new certificate name>.pem</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Transfer <old certificate bundle name>.p12 and <new certificate name>.pem to a machine with openssl installed on it</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) On a machine with openssl installed on it, submit following command:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>$openssl pkcs12 -in <old certificate bundle name>.p12 -out <old certificate bundle name>.pem -nodes</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Copy <old certificate bundle name>.pem to <new certificate bundle name>.pem</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Update <new certificate bundle name>.pem by replacing the relevant part of it with the contents of <new certificate name>.pem</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Cut the key part of <new certificate bundle name>.pem and create <certificate name>.key from it</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Submit following command:</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>$openssl pkcs12 -export -in <new certificate bundle name>.pem -inkey <certificate name>.key -out <new certificate bundle name>.p12 </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Transfer <new certificate bundle name>.p12 to the machine with the web browser that you want to access Dog Tag from.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>o) Import <new certificate bundle name>.p12 into the machine.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>8. Start pkiconsole (typically by running "pkiconsole <a href="https://">https://</a>`hostname`:9445/ca")</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>9. Select "Users and Groups" and select your admin entry.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>10. Press "Certificates" button then "Import" and paste in the contents of <new certificate name>.pem, then OK and "Done"</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>11. Clear SSL cache in the browser or restart your browser.</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>12. You should now be able to use your new certificate to access Agent interface</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'>>YES – I can now access the agent interface using the new certificate J</span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:11.0pt;color:#1F497D'> </span></tt><o:p></o:p></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><tt><b><span lang=EN-US style='font-size:10.0pt;color:windowtext'>From:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt;color:windowtext'> Andrew Wnuk [<a href="mailto:awnuk@redhat.com">mailto:awnuk@redhat.com</a>] </span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>Sent:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> 08 October 2013 19:26</span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>To:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> Richard Thomas</span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>Cc:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> <a href="mailto:pki-users-bounces@redhat.com">pki-users-bounces@redhat.com</a></span></tt><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New ;color:windowtext","serif"'><br></span><tt><b><span lang=EN-US style='font-size:10.0pt'>Subject:</span></b></tt><tt><span lang=EN-US style='font-size:10.0pt'> Re: [Pki-users] CA Administrator of Instance pki-ca</span></tt><o:p></o:p></p></div></div><p class=MsoNormal><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><div><p class=MsoNormal><tt><span style='font-size:10.0pt'>On 10/07/2013 11:41 AM, Richard Thomas wrote:</span></tt><o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre><tt>Hi Andrew,</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Thanks very much for sending this to me.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>The first thing I'd like to point out is that I'm using the pre-Red Hat enterprise variant of DogTag (dogtag-pki-1.3.0-2.el5)</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I have been trying to adapt the instructions as best I can and have so nearly got there, but not quite..</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I have been referring to chapter 4.8.2 of that article by going to the <server>:9444/ca/ee/ca URL and the only 2 Certificate Profiles I have to choose from are:</tt><o:p></o:p></pre><pre><tt>o) Renewal: Renew certificate to be manually approved by agents</tt><o:p></o:p></pre><pre><tt>o) Cisco VPN Client Enrolment</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>The second option is for end users of our Cisco VPN to generate new certificates with, so I don't do anything with that.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>The first option looked promising, as it asked for a certificate number, so I used the <server>:9443/ca/agent/ca URL to find the certificate number of the current "CA Administrator of Instance pki-ca" certificate, make a note of it and enter it into the certificate renewal page.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I then use the <server>:9443/ca/agent/ca URL to approve my request.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Back to the <server>:9444/ca/ee/ca URL to retrieve the certificate.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I then updated the .p12 (.pfx) certificate with the one that appeared from the step above, with quite a bit of open_ssl commands, but I am confident that my new .p12 has everything in it as before (including the private key), with the exception of the "CA Administrator of Instance pki-ca" certificate being my updated one instead of the current one.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I manage to import it into by machine's browser and when I navigate to <server>:9443/ca/agent/ca, the new certificate comes up as an option to present to Dog Tag, so things are looking good at this stage and I select it.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>After that is where the first thing looks different, but I wasn't too worried about. I get a message saying "Request For Permission to Use a Key", so I grant permission.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Then things don't look go at all, as once I'm past that, all the pages say "Invalid Credential".</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I have probably gone about things in a way that's more complicated than it should be and I guess it's because I'm using an earlier version of Dog Tag.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Do you have any ideas where I have gone wrong with this please.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Thank you very much.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Richard.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre></blockquote><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br><tt>Unfortunately your version is old enough to miss new renewal profiles, which would make your task easier.</tt><br><br><tt>Here is a simple way to renew your CA administrator certificate:</tt></span><o:p></o:p></p><ol start=1 type=1><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Go to EE interface (typically <a href="https://">https://</a><hostname>:9444/ca/ee/ca/) and select "Manual User Dual-Use Certificate Enrollment"</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Fill out the form and submit request</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Go to Agent interface (typically <a href="https://">https://</a><hostname>:9443/ca/agent/ca/) and approve submitted request</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Return to EE interface, select "Retrieval" tab and "Check Request Status".</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Type in request number and press submit.</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Click on issued certificate serial number.</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Go to the end of page displaying certificate and press "Import Your Certificate"</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Start pkiconsole (typically by running "pkiconsole <a href="https://">https://</a>`hostname`:9445/ca")</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Select "Users and Groups" and select your admin entry.</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Press "Certificates" button then "Import" and paste in your new base64 encoded certificate, then OK and "Done"</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>Clear SSL cache in the browser or restart your browser.</span></tt><o:p></o:p></li><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo9'><tt><span style='font-size:10.0pt'>You should now be able to use your new certificate to access Agent interface</span></tt><o:p></o:p></li></ol><p class=MsoNormal><tt><span style='font-size:10.0pt'>Thanks,</span></tt><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br><tt>Andrew</tt><br><br><br><br><br><br><br><br></span><o:p></o:p></p><pre><tt> </tt><o:p></o:p></pre><pre><tt>________________________________________</tt><o:p></o:p></pre><pre><tt>From: <a href="mailto:pki-users-bounces@redhat.com">pki-users-bounces@redhat.com</a> [<a href="mailto:pki-users-bounces@redhat.com">pki-users-bounces@redhat.com</a>] On Behalf Of Andrew Wnuk [<a href="mailto:awnuk@redhat.com">awnuk@redhat.com</a>]</tt><o:p></o:p></pre><pre><tt>Sent: Thursday, October 03, 2013 6:05 PM</tt><o:p></o:p></pre><pre><tt>To: <a href="mailto:pki-users@redhat.com">pki-users@redhat.com</a></tt><o:p></o:p></pre><pre><tt>Subject: Re: [Pki-users] CA Administrator of Instance pki-ca</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Hi Richard,</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>You can renew certificate using: <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/renewing-certificates.html">https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/renewing-certificates.html</a></tt><o:p></o:p></pre><pre><tt>and then add new certificate to CA administrator entry using console.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Best,</tt><o:p></o:p></pre><pre><tt>Andrew</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>On 10/03/2013 08:49 AM, Richard Thomas wrote:</tt><o:p></o:p></pre><pre><tt>Hi all,</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I hope someone would be able to help me with this.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I have taken over a Dog Tag system and I have little knowledge of it.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I need to renew the “CA Administrator of Instance pki-ca” certificate, as it is running out in a few weeks.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Would someone be able to point me in the direction of any documentation on how to do this or let me know how to do it.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>I would massively appreciate any guidance on this.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Thanks in advance,</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>Richard.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>The world’s first PCI accreditation for a Point to Point Encryption application. Find out more…<a href="http://www.the-logic-group.com/pressrelease/Worlds-First-Accreditation-for-PCI-P2PE-Application"><http://www.the-logic-group.com/pressrelease/Worlds-First-Accreditation-for-PCI-P2PE-Application></a></tt><o:p></o:p></pre><pre><tt>The Logic Group</tt><o:p></o:p></pre><pre><tt>Enterprises Limited</tt><o:p></o:p></pre><pre><tt> Logic House</tt><o:p></o:p></pre><pre><tt>Waterfront Business Park</tt><o:p></o:p></pre><pre><tt>Fleet, Hampshire</tt><o:p></o:p></pre><pre><tt>GU51 3SB</tt><o:p></o:p></pre><pre><tt>United Kingdom phone</tt><o:p></o:p></pre><pre><tt>fax</tt><o:p></o:p></pre><pre><tt>email</tt><o:p></o:p></pre><pre><tt>web +44 1252 776 700</tt><o:p></o:p></pre><pre><tt>+44 1252 776 738</tt><o:p></o:p></pre><pre><tt><a href="mailto:info@the-logic-group.com">info@the-logic-group.com</a><a href="mailto:info@the-logic-group.com"><mailto:info@the-logic-group.com></a></tt><o:p></o:p></pre><pre><tt><a href="http://www.the-logic-group.com">www.the-logic-group.com</a><a href="http://www.the-logic-group.com"><http://www.the-logic-group.com></a> Registered in England</tt><o:p></o:p></pre><pre><tt>Number 2609323 [<a href="http://www.the-logic-group.com/UploadedImages/34e428b6-82a8-46f4-999d-89403051ff3c.jpg">http://www.the-logic-group.com/UploadedImages/34e428b6-82a8-46f4-999d-89403051ff3c.jpg</a>]</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>The Logic Group Enterprises Limited, Logic House, Waterfront Business Park, Fleet Road, Fleet,</tt><o:p></o:p></pre><pre><tt>Hampshire, GU51 3SB, United Kingdom. Registered in England. Registered No. 2609323</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>The information in this email and any attachments are confidential and may be legally privileged and protected by law. It is for the intended recipient only. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your system.</tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><pre><tt>_______________________________________________</tt><o:p></o:p></pre><pre><tt>Pki-users mailing list</tt><o:p></o:p></pre><pre><tt><a href="mailto:Pki-users@redhat.com">Pki-users@redhat.com</a><a href="mailto:Pki-users@redhat.com"><mailto:Pki-users@redhat.com></a></tt><o:p></o:p></pre><pre><tt><a href="https://www.redhat.com/mailman/listinfo/pki-users">https://www.redhat.com/mailman/listinfo/pki-users</a></tt><o:p></o:p></pre><pre><tt> </tt><o:p></o:p></pre><p class=MsoNormal><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><p><tt><b><span style='font-size:10.5pt;color:#C00000'>The world's first PCI accreditation for a Point to Point Encryption application.</span></b></tt><tt><span style='font-size:10.5pt;color:#C00000'> </span></tt><tt><b><span style='font-size:10.5pt;color:#7F7F7F'><a href="http://www.the-logic-group.com/pressrelease/Worlds-First-Accreditation-for-PCI-P2PE-Application"><span style='color:#7F7F7F'>Find out more...</span></a></span></b></tt><b><span style='font-size:10.5pt;font-family:"Courier New ;color:#7F7F7F","serif"'><br></span></b><tt><span style='font-size:10.0pt;color:#C00000'> </span></tt><o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=1000 style='width:750.0pt;border-collapse:collapse;float:none'><tr style='height:13.8pt'><td width=121 rowspan=2 valign=top style='width:90.75pt;border:dotted #D8D8D7 1.0pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=style5><span class=style9><span style='font-size:7.5pt;font-family:"Courier New","serif"'>The Logic Group </span></span><span style='font-size:7.5pt;font-family:"Courier New ;color:#CC292B","serif"'><br><span class=style9>Enterprises Limited </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=152 rowspan=2 valign=top style='width:114.0pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Courier New","serif"'>Logic House </span></span><span style='font-size:7.5pt;font-family:"Courier New","serif"'><br><span class=style11>Waterfront Business Park </span><br><span class=style11>Fleet, Hampshire </span><br><span class=style11>GU51 3SB </span><br><span class=style11>United Kingdom </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=45 rowspan=2 valign=top style='width:33.75pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style14><span style='font-size:7.5pt;font-family:"Courier New","serif"'>phone </span></span><span style='font-size:7.5pt;font-family:"Courier New ;color:#CC292B","serif"'><br><span class=style14>fax </span><br><span class=style14>email </span><br><span class=style14>web </span></span><o:p></o:p></p></td><td width=151 rowspan=2 valign=top style='width:113.25pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Courier New","serif"'>+44 1252 776 700 </span></span><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br></span><span class=style7><span style='font-size:7.5pt;font-family:"Courier New","serif"'>+44 1252 776 738 </span></span><span style='font-size:7.5pt;font-family:"Courier New","serif"'><br><span class=style7><a href="mailto:info@the-logic-group.com">info@the-logic-group.com</a> </span><br><span class=style7><a href="http://www.the-logic-group.com">www.the-logic-group.com</a> </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=84 rowspan=2 valign=top style='width:63.0pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Courier New","serif"'>Registered in England </span></span><span style='font-size:7.5pt;font-family:"Courier New","serif"'><br><span class=style11>Number 2609323 </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=137 rowspan=2 valign=top style='width:102.75pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'><img border=0 width=32 height=32 id="_x0000_i1025" src="cid:image001.jpg@01CED4B1.64DF78B0" alt="http://www.the-logic-group.com/UploadedImages/34e428b6-82a8-46f4-999d-89403051ff3c.jpg"></span><o:p></o:p></p></td><td width=0 style='width:.3pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'></td></tr><tr style='height:13.8pt'><td width=0 style='width:.3pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'></td></tr></table><p class=MsoNormal style='margin-bottom:12.0pt'><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=600 style='width:450.0pt;border-collapse:collapse;float:none'><tr style='height:59.25pt'><td style='border:dotted #D8D8D7 1.0pt;padding:0cm 0cm 0cm 0cm;height:59.25pt'><p style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:0cm'><span class=style1><span style='font-size:8.0pt;font-family:"Courier New ;color:#636B70","serif"'>The Logic Group Enterprises Limited, Logic House, Waterfront Business Park, Fleet Road, Fleet, </span></span><span style='font-size:8.0pt;font-family:"Courier New ;color:#636B70","serif"'><br><span class=style1>Hampshire, GU51 3SB, United Kingdom. Registered in England. Registered No. 2609323 </span></span><o:p></o:p></p><p style='margin:0cm;margin-bottom:.0001pt'><span class=style1><span style='font-size:8.0pt;font-family:"Courier New ;color:#636B70","serif"'>The information in this email and any attachments are confidential and may be legally privileged and protected by law. It is for the intended recipient only. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your system. </span></span><o:p></o:p></p></td></tr></table><p class=MsoNormal><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><p><tt><b><span style='font-size:10.5pt;color:#C00000'>The world's first PCI accreditation for a Point to Point Encryption application.</span></b></tt><tt><span style='font-size:10.5pt;color:#C00000'> </span></tt><tt><b><span style='font-size:10.5pt;color:#7F7F7F'><a href="http://www.the-logic-group.com/pressrelease/Worlds-First-Accreditation-for-PCI-P2PE-Application"><span style='color:#7F7F7F'>Find out more...</span></a></span></b></tt><b><span style='font-size:10.5pt;font-family:"Courier New ;color:#7F7F7F","serif"'><br></span></b><tt><span style='font-size:10.0pt;color:#C00000'> </span></tt><o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=1000 style='width:750.0pt;border-collapse:collapse;float:none'><tr style='height:13.8pt'><td width=121 rowspan=2 valign=top style='width:90.75pt;border:dotted #D8D8D7 1.0pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=style5><span class=style9><span style='font-size:7.5pt;font-family:"Courier New","serif"'>The Logic Group <br>Enterprises Limited </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=152 rowspan=2 valign=top style='width:114.0pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Courier New","serif"'>Logic House <br>Waterfront Business Park <br>Fleet, Hampshire <br>GU51 3SB <br>United Kingdom </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=45 rowspan=2 valign=top style='width:33.75pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style14><span style='font-size:7.5pt;font-family:"Courier New","serif"'>phone <br>fax <br>email <br>web </span></span><o:p></o:p></p></td><td width=151 rowspan=2 valign=top style='width:113.25pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Courier New","serif"'>+44 1252 776 700 </span></span><span class=style12><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br></span></span><span class=style7><span style='font-size:7.5pt;font-family:"Courier New","serif"'>+44 1252 776 738 </span></span><span class=style12><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'><br></span></span><span class=style7><span style='font-size:7.5pt;font-family:"Courier New","serif"'><a href="mailto:info@the-logic-group.com">info@the-logic-group.com</a> </span></span><span class=style12><span style='font-size:7.5pt;font-family:"Courier New","serif"'><br></span></span><span class=style7><span style='font-size:7.5pt;font-family:"Courier New","serif"'><a href="http://www.the-logic-group.com">www.the-logic-group.com</a> </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=84 rowspan=2 valign=top style='width:63.0pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Courier New","serif"'>Registered in England <br>Number 2609323 </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=137 rowspan=2 valign=top style='width:102.75pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'><img border=0 width=32 height=32 id="_x0000_i1026" src="cid:image001.jpg@01CED4B1.64DF78B0" alt="http://www.the-logic-group.com/UploadedImages/34e428b6-82a8-46f4-999d-89403051ff3c.jpg"></span><o:p></o:p></p></td><td width=0 style='width:.3pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'></td></tr><tr style='height:13.8pt'><td width=0 style='width:.3pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'></td></tr></table><p class=MsoNormal style='margin-bottom:12.0pt'><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=600 style='width:450.0pt;border-collapse:collapse;float:none'><tr style='height:59.25pt'><td style='border:dotted #D8D8D7 1.0pt;padding:0cm 0cm 0cm 0cm;height:59.25pt'><p style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:0cm'><span class=style1><span style='font-size:8.0pt;font-family:"Courier New ;color:#636B70","serif"'>The Logic Group Enterprises Limited, Logic House, Waterfront Business Park, Fleet Road, Fleet, <br>Hampshire, GU51 3SB, United Kingdom. Registered in England. Registered No. 2609323 </span></span><o:p></o:p></p><p style='margin:0cm;margin-bottom:.0001pt'><span class=style1><span style='font-size:8.0pt;font-family:"Courier New ;color:#636B70","serif"'>The information in this email and any attachments are confidential and may be legally privileged and protected by law. It is for the intended recipient only. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your system. </span></span><o:p></o:p></p></td></tr></table><p class=MsoNormal><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><p class=MsoNormal><tt><span style='font-size:10.0pt'> </span></tt><o:p></o:p></p><p><tt><b><span style='font-size:10.5pt;color:#C00000'>The world's first PCI accreditation for a Point to Point Encryption application.</span></b></tt><tt><span style='font-size:10.5pt;color:#C00000'> </span></tt><tt><b><span style='font-size:10.5pt;color:#7F7F7F'><a href="http://www.the-logic-group.com/pressrelease/Worlds-First-Accreditation-for-PCI-P2PE-Application"><span style='color:#7F7F7F'>Find out more...</span></a></span></b></tt><b><span style='font-size:10.5pt;font-family:"Courier New ;color:#7F7F7F","serif"'><br></span></b><tt><span style='font-size:10.0pt;color:#C00000'> </span></tt><o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=1000 style='width:750.0pt;border-collapse:collapse;float:none'><tr style='height:13.8pt'><td width=121 rowspan=2 valign=top style='width:90.75pt;border:dotted #D8D8D7 1.0pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=style5><span class=style9><span style='font-size:7.5pt;font-family:"Courier New ;color:#CC292B","serif"'>The Logic Group <br>Enterprises Limited </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=152 rowspan=2 valign=top style='width:114.0pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'>Logic House <br>Waterfront Business Park <br>Fleet, Hampshire <br>GU51 3SB <br>United Kingdom </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=45 rowspan=2 valign=top style='width:33.75pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style14><span style='font-size:7.5pt;font-family:"Courier New ;color:#CC292B","serif"'>phone <br>fax <br>email <br>web </span></span><o:p></o:p></p></td><td width=151 rowspan=2 valign=top style='width:113.25pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'>+44 1252 776 700 </span></span><span class=style12><span style='font-size:10.0pt;font-family:"Courier New","serif"'><br></span></span><span class=style7><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'>+44 1252 776 738 </span></span><span class=style12><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'><br></span></span><span class=style7><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'><a href="mailto:info@the-logic-group.com">info@the-logic-group.com</a> </span></span><span class=style12><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'><br></span></span><span class=style7><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'><a href="http://www.the-logic-group.com">www.the-logic-group.com</a> </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=84 rowspan=2 valign=top style='width:63.0pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'>Registered in England <br>Number 2609323 </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><tt><span style='font-size:7.5pt;color:#636B70'> </span></tt><o:p></o:p></p></td><td width=137 rowspan=2 valign=top style='width:102.75pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Courier New ;color:#636B70","serif"'><img border=0 id="_x0000_i1027" src="http://www.the-logic-group.com/UploadedImages/34e428b6-82a8-46f4-999d-89403051ff3c.jpg"></span><o:p></o:p></p></td><td width=0 style='width:.3pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'></td></tr><tr style='height:13.8pt'><td width=0 style='width:.3pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'></td></tr></table><p class=MsoNormal style='margin-bottom:12.0pt'> <o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=600 style='width:450.0pt;border-collapse:collapse;float:none'><tr style='height:59.25pt'><td style='border:dotted #D8D8D7 1.0pt;padding:0cm 0cm 0cm 0cm;height:59.25pt'><p style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:0cm'><span class=style1><span style='font-size:8.0pt;font-family:"Courier New ;color:#636B70","serif"'>The Logic Group Enterprises Limited, Logic House, Waterfront Business Park, Fleet Road, Fleet, <br>Hampshire, GU51 3SB, United Kingdom. Registered in England. Registered No. 2609323 </span></span><o:p></o:p></p><p style='margin:0cm;margin-bottom:.0001pt'><span class=style1><span style='font-size:8.0pt;font-family:"Courier New ;color:#636B70","serif"'>The information in this email and any attachments are confidential and may be legally privileged and protected by law. It is for the intended recipient only. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your system. </span></span><o:p></o:p></p></td></tr></table><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p><b><span style='font-size:10.5pt;font-family:"Verdana","sans-serif";color:#C00000'>The world's first PCI accreditation for a Point to Point Encryption application.</span></b><span style='font-size:10.5pt;font-family:"Verdana","sans-serif";color:#C00000'> </span><b><span style='font-size:10.5pt;font-family:"Verdana","sans-serif";color:#7F7F7F'><a href="http://www.the-logic-group.com/pressrelease/Worlds-First-Accreditation-for-PCI-P2PE-Application"><span style='color:#7F7F7F'>Find out more...</span></a><br></span></b><span style='font-family:"Verdana","sans-serif";color:#C00000'> </span><o:p></o:p></p><table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=1000 style='width:750.0pt;border-collapse:collapse;border:none;float:none'><tr style='height:13.8pt'><td width=121 rowspan=2 valign=top style='width:90.75pt;border:dotted #D8D8D7 1.0pt;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=style5><span class=style9><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#CC292B'>The Logic Group <br>Enterprises Limited </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span style='font-size:7.5pt;color:#636B70'> </span><o:p></o:p></p></td><td width=152 rowspan=2 valign=top style='width:114.0pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'>Logic House </span></span><span class=style11><span style='font-size:7.5pt;color:#636B70'><br></span></span><span class=style11><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'>Waterfront Business Park </span></span><span class=style11><span style='font-size:7.5pt;color:#636B70'><br></span></span><span class=style11><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'>Fleet, Hampshire </span></span><span class=style11><span style='font-size:7.5pt;color:#636B70'><br></span></span><span class=style11><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'>GU51 3SB </span></span><span class=style11><span style='font-size:7.5pt;color:#636B70'><br></span></span><span class=style11><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'>United Kingdom </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span style='font-size:7.5pt;color:#636B70'> </span><o:p></o:p></p></td><td width=45 rowspan=2 valign=top style='width:33.75pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style14><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#CC292B'>phone </span></span><span class=style14><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#CC292B'><br></span></span><span class=style14><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#CC292B'>fax </span></span><span class=style14><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#CC292B'><br></span></span><span class=style14><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#CC292B'>email </span></span><span class=style14><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#CC292B'><br></span></span><span class=style14><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#CC292B'>web </span></span><o:p></o:p></p></td><td width=151 rowspan=2 valign=top style='width:113.25pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'>+44 1252 776 700 </span></span><span class=style12><span style='font-family:"Verdana","sans-serif"'><br></span></span><span class=style7><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'>+44 1252 776 738 </span></span><span class=style12><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'><br></span></span><span class=style7><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'><a href="mailto:info@the-logic-group.com">info@the-logic-group.com</a> </span></span><span class=style12><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'><br></span></span><span class=style7><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'><a href="http://www.the-logic-group.com">www.the-logic-group.com</a> </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span style='font-size:7.5pt;color:#636B70'> </span><o:p></o:p></p></td><td width=84 rowspan=2 valign=top style='width:63.0pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span class=style11><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'>Registered in England </span></span><span class=style11><span style='font-size:7.5pt;color:#636B70'><br></span></span><span class=style11><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#636B70'>Number 2609323 </span></span><o:p></o:p></p></td><td width=10 rowspan=2 valign=top style='width:7.5pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span style='font-size:7.5pt;color:#636B70'> </span><o:p></o:p></p></td><td width=137 rowspan=2 valign=top style='width:102.75pt;border:dotted #D8D8D7 1.0pt;border-left:none;padding:0cm 0cm 0cm 0cm;height:13.8pt'><p class=MsoNormal><span style='font-size:7.5pt;color:#636B70'><img border=0 id="_x0000_i1028" src="http://www.the-logic-group.com/UploadedImages/34e428b6-82a8-46f4-999d-89403051ff3c.jpg"></span><o:p></o:p></p></td><td style='height:13.8pt;border:none' width=0 height=18></td></tr><tr style='height:13.8pt'><td style='height:13.8pt;border:none' width=0 height=18></td></tr></table><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=600 style='width:450.0pt;border-collapse:collapse;border:none;float:none'><tr style='height:59.25pt'><td style='border:dotted #D8D8D7 1.0pt;padding:0cm 0cm 0cm 0cm;height:59.25pt'><p style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:0cm'><span class=style1><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#636B70'>The Logic Group Enterprises Limited, Logic House, Waterfront Business Park, Fleet Road, Fleet, <br>Hampshire, GU51 3SB, United Kingdom. Registered in England. Registered No. 2609323 </span></span><o:p></o:p></p><p style='margin:0cm;margin-bottom:.0001pt'><span class=style1><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#636B70'>The information in this email and any attachments are confidential and may be legally privileged and protected by law. It is for the intended recipient only. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your system. </span></span><o:p></o:p></p></td></tr></table><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div><P><FONT face=Calibri><B><SPAN style="FONT-FAMILY: Verdana; COLOR: #c00000; FONT-SIZE: 14px">The world's first PCI accreditation for a Point to Point Encryption application.</SPAN></B><SPAN style="FONT-FAMILY: Verdana; COLOR: #c00000; FONT-SIZE: 14px"> </SPAN><B><SPAN style="FONT-FAMILY: Verdana; COLOR: #7f7f7f; FONT-SIZE: 14px"><A href="http://www.the-logic-group.com/pressrelease/Worlds-First-Accreditation-for-PCI-P2PE-Application"><SPAN style="FONT-FAMILY: Verdana; COLOR: #7f7f7f; FONT-SIZE: 14px">Find out more...</SPAN></A><BR></SPAN></B></FONT><SPAN style="FONT-FAMILY: Verdana; COLOR: #c00000"><?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p> </o:p></SPAN></P>
<TABLE style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-COLLAPSE: collapse; FLOAT: none; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" border=0 cellSpacing=0 cellPadding=0 width=1000>
<TBODY>
<TR>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" class=style1 vAlign=top rowSpan=2 width=121>
<P class=style5><FONT style="FONT-SIZE: 10px"><FONT color=#cc292b><SPAN style="FONT-FAMILY: verdana" class=style9>The Logic Group <BR>Enterprises Limited </SPAN><BR></FONT></FONT></P></TD>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" vAlign=top rowSpan=2 width=10><FONT style="FONT-SIZE: 10px" color=#636b70> </FONT></TD>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" vAlign=top rowSpan=2 width=152><SPAN class=style11><FONT style="FONT-SIZE: 10px" color=#636b70><SPAN style="FONT-FAMILY: verdana">Logic House </SPAN><BR><SPAN style="FONT-FAMILY: verdana">Waterfront Business Park </SPAN><BR><SPAN style="FONT-FAMILY: verdana">Fleet, Hampshire </SPAN><BR><SPAN style="FONT-FAMILY: verdana">GU51 3SB </SPAN><BR><SPAN style="FONT-FAMILY: verdana">United Kingdom </SPAN></FONT></SPAN></TD>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" vAlign=top rowSpan=2 width=10><FONT style="FONT-SIZE: 10px" color=#636b70> </FONT></TD>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" vAlign=top rowSpan=2 width=45><SPAN style="FONT-FAMILY: verdana" class=style14><FONT style="FONT-SIZE: 10px" color=#cc292b><SPAN style="FONT-FAMILY: verdana">phone </SPAN><BR><SPAN style="FONT-FAMILY: verdana">fax </SPAN><BR><SPAN style="FONT-FAMILY: verdana">email </SPAN><BR><SPAN style="FONT-FAMILY: verdana">web </SPAN></FONT></SPAN></TD>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" vAlign=top rowSpan=2 width=151><SPAN style="FONT-FAMILY: verdana" class=style11><FONT style="FONT-SIZE: 10px" color=#636b70><SPAN style="FONT-FAMILY: verdana">+44 1252 776 700 </SPAN></FONT></SPAN><SPAN style="FONT-FAMILY: verdana" class=style12><BR><FONT style="FONT-SIZE: 10px"><FONT color=#636b70><SPAN style="FONT-FAMILY: verdana" class=style7>+44 1252 776 738 </SPAN><BR><SPAN style="FONT-FAMILY: verdana" class=style7>info@the-logic-group.com </SPAN><BR><SPAN style="FONT-FAMILY: verdana" class=style7>www.the-logic-group.com </SPAN></FONT></FONT></SPAN></TD>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" vAlign=top rowSpan=2 width=10><FONT style="FONT-SIZE: 10px" color=#636b70> </FONT></TD>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" vAlign=top rowSpan=2 width=84><SPAN class=style11><FONT style="FONT-SIZE: 10px" color=#636b70><SPAN style="FONT-FAMILY: verdana">Registered in England </SPAN><BR><SPAN style="FONT-FAMILY: verdana">Number 2609323 </SPAN></FONT></SPAN></TD>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" vAlign=top rowSpan=2 width=10><FONT style="FONT-SIZE: 10px" color=#636b70> </FONT></TD>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" vAlign=top rowSpan=2 width=137><FONT style="FONT-SIZE: 10px" color=#636b70><IMG style="WIDTH: 129px; HEIGHT: 50px" src="http://www.the-logic-group.com/UploadedImages/34e428b6-82a8-46f4-999d-89403051ff3c.jpg"> </FONT></TD></TR>
<TR></TR></TBODY></TABLE><BR><BR>
<TABLE style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-COLLAPSE: collapse; FLOAT: none; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" border=0 cellSpacing=0 cellPadding=0 width=600>
<TBODY>
<TR>
<TD style="BORDER-BOTTOM: #d8d8d7 1px dotted; BORDER-LEFT: #d8d8d7 1px dotted; BORDER-TOP: #d8d8d7 1px dotted; BORDER-RIGHT: #d8d8d7 1px dotted" height=79>
<P style="MARGIN: 0px"><FONT color=#003366 size=1><SPAN style="PADDING-BOTTOM: 5px; PADDING-LEFT: 5px; PADDING-RIGHT: 5px; FONT-FAMILY: verdana; COLOR: rgb(99,107,112); FONT-SIZE: 8pt; PADDING-TOP: 5px" class=style1>The Logic Group Enterprises Limited, Logic House, Waterfront Business Park, Fleet Road, Fleet, <BR><SPAN style="PADDING-BOTTOM: 5px; PADDING-LEFT: 5px; PADDING-RIGHT: 5px; FONT-FAMILY: verdana; COLOR: rgb(99,107,112); FONT-SIZE: 8pt; PADDING-TOP: 5px" class=style1>Hampshire, GU51 3SB, United Kingdom. Registered in England. Registered No. 2609323 </SPAN></SPAN><SPAN style="PADDING-BOTTOM: 5px; PADDING-LEFT: 5px; PADDING-RIGHT: 5px; FONT-FAMILY: verdana; COLOR: rgb(99,107,112); FONT-SIZE: 8pt; PADDING-TOP: 5px" class=style1><BR><BR></SPAN></FONT></P>
<P style="MARGIN: 0px"><FONT color=#003366 size=1><SPAN style="PADDING-BOTTOM: 5px; PADDING-LEFT: 5px; PADDING-RIGHT: 5px; FONT-FAMILY: verdana; COLOR: rgb(99,107,112); FONT-SIZE: 8pt; PADDING-TOP: 5px" class=style1>The information in this email and any attachments are confidential and may be legally privileged and protected by law. It is for the intended recipient only. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your system. </SPAN></FONT></P></TD></TR></TBODY></TABLE>
<!--418FEECD7B41410cA6AF47547865A7D9-->
<br></body></html>