<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-2022-jp"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Texto de globo Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
span.EstiloCorreo17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.TextodegloboCar
{mso-style-name:"Texto de globo Car";
mso-style-priority:99;
mso-style-link:"Texto de globo";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1116676377;
mso-list-type:hybrid;
mso-list-template-ids:1498325570 295196978 201981955 201981957 201981953 201981955 201981957 201981953 201981955 201981957;}
@list l0:level1
{mso-level-start-at:57;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ES link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Hi,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I'm trying to create a certificate to install in my apache server or Internet Information Service, I follow the steps in this direction URL: <a href="http://pki.fedoraproject.org/wiki/Apache_Cert_Enrollment">http://pki.fedoraproject.org/wiki/Apache_Cert_Enrollment</a><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Some simple steps are listed here on how to proceed to enroll a server certificate for an apache webserver with Dogtag.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:14.0pt'>STEP ONE:</span></b><span lang=EN-US> Generate a Key/CSR:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>openssl genrsa -des3 -out www.mydomain.com.key 1024<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Fill out all the prompts here including CountryName,State,Locality,Organization Name, Organizational Unit Name, Common Name.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Sample CSR from the above commands:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>-----BEGIN CERTIFICATE REQUEST-----<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>MIIBqDCCARECAQAwaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>FTATBgNVBAcTDE1vdW50YWluVmlldzEPMA0GA1UEChMGUmVkSGF0MQwwCgYDVQQL<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>EwNJRE0xDjAMBgNVBAMTBWEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>gQDMbwtFUZNzlfWRI19nuxKsbhJ1/5A/rrXQkH7+K1uqxmzytm6b57lkGK9YUC7B<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>qSKpJ4zzOnVqwRZsE9oJ5CSv+eQUie1NTz4KEL9ZOsN4p2zn0JFaKqze/vxZ3Rux<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>BKnAz34KxOKZxGTiychOTytWS6V4lDzKBvgTgf0EZfOcfwIDAQABoAAwDQYJKoZI<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>hvcNAQEEBQADgYEAxRGViyX5MxedhfSOja3XmvCcTOZL+btT7u4zztGBz71qSGhz<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>yLcFCHCOMngsfiHxySBUIjZdGAOjrwcwT04ig/C2TE8mTamDp7d8/zQ6k9De/9Dp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Q+C7PZuTYQkDf417IxbalEWhhNQ2AE6pMxfWwWAhjP1jAFLdKQZtEVNG9AQ=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>-----END CERTIFICATE REQUEST-----<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:14.0pt'>STEP TWO:</span></b><span lang=EN-US> Submit this CSR to the "Server Certificate Enrollment" profile of the Dogtag CA and get it approved.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:14.0pt'>STEP THREE:</span></b><span lang=EN-US> Download the Cert and the CA and get them installed in apache.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I have problems in <b>step three</b>, when I click on the option "Import Your Certificate" from the web console Dogtag Certificate Manager, I receive the following message: <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>"This certificate cannot staff be installed Because you do not own the Corresponding private key"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Searching in google I found this:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>When I try to download my issued certificate, I get an “Accept in PKCS7” error message.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>If you are getting the “Error in accept PKCS7″ message that means that the Microsoft OS/Internet Explorer cannot find the private key(s) for those certificates. (Please note that this does not necessarily mean that the private key(s) are not there, just that the MS system cannot find them.)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>This happens because: <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>the request was done under a different log-in profile (you are logged on under a different username/password) than when the request was made<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>or the request was made with a different browser (for example, Firefox)<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>or the request was made on a different computer than the one you are trying to import it on<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>or something was done to the machine (like an update to the operating system – a Windows update, profile change, computer re-imaged, etc.)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>You will only be able to import the issued certificate onto the same computer, same log-in profile, and using the same web browser as when you made the on-line request. (i.e. as when you got the “Print this form” web page).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Well now!, I have the certificate in Base 64 format, Dogtag console shows me the following information: <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Installing this certificate in a server <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>The Following format can be used to install this certificate into a server. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Base 64 encoded certificate<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ES'><img border=0 width=543 height=434 id="_x0000_i1026" src="cid:image002.jpg@01CF7602.8CAEECC0"></span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>In this picture I deleted some lines deliberately, but my certificate is complete.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Base 64 encoded certificate with CA certificate chain in pkcs7 format<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ES'><img border=0 width=683 height=509 id="_x0030__x0020_Imagen" src="cid:image004.png@01CF7600.F67D7B50"></span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>In this picture I deleted some lines deliberately, but my certificate is complete.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Well now!, what I do with this information?, How I generated my certificate with this plane format? Since in my web browser from the console does not allow me to import the certificate. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>How I can generate my certificate from the command line? <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>How I can generate my certificates in .cer, .crt, .pfx, .p12? <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>What format should I use?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div></body></html>