[Pki-devel] Configuration of Friendly Name and Country

Nadeera Galagedara nadeeragalagedara at yahoo.com
Wed May 20 07:28:33 UTC 2020 

 Dear Dinesh,
Thank you for your support and it is been very helpful. I am using Centos 7 and the version came with it is 10.5. I am using that version. I think I have corrected the country (with c=LK). But I still have a problem with the nickname. 
I used the pki_ca_signing_nickname=mycompany_nickname line but still the friendly name show on windows PC (I have imported the issued certificate to a windows PC) format like <Common Name>'s <Organisation> ID. My requirement is to show the the Friendly Name (shows as in Windows PC) as "mycompany_nickname " I have attached a screenshot also. Please tell me what did I do wrong.




The full config is mentioned below

Step 1
[CA]pki_admin_email=mycompany at abc.lkpki_admin_name=caadminpki_admin_nickname=caadminpki_admin_password=Secret.123pki_admin_uid=caadmin
pki_client_database_password=Secret.123pki_client_database_purge=Falsepki_client_pkcs12_password=Secret.123
pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lkpki_ds_database=ca2pki_ds_password=Secret.123
pki_security_domain_name=mycompany_domainpki_token_password=Secret.123
pki_external=Truepki_external_step_two=False
pki_ca_signing_subject_dn=cn=mycompany_cn,ou=mycompany_ou,o=mycompany_o,c=LKpki_ca_signing_csr_path=ca_signing.csr
pki_ca_signing_nickname=mycompany_nickname
pki_default_ocsp_uri=http://ocsp.mycompany.lk


Step 2
[CA]pki_admin_email=mycompany at abc.lkpki_admin_name=caadminpki_admin_nickname=caadminpki_admin_password=Secret.123pki_admin_uid=caadmin
pki_client_database_password=Secret.123pki_client_database_purge=Falsepki_client_pkcs12_password=Secret.123
pki_ds_base_dn=dc=issueca,dc=mycompany,dc=lkpki_ds_database=ca2pki_ds_password=Secret.123
pki_security_domain_name=mycompany_domainpki_token_password=Secret.123
pki_external=Truepki_external_step_two=True
pki_ca_signing_csr_path=ca_signing.csrpki_ca_signing_cert_path=ca_signing.crt
pki_ca_signing_nickname=mycompany_nickname
pki_default_ocsp_uri=http://ocsp.mycompany.lk



Thank you and best regards,Nadeera.




    On Wednesday, May 20, 2020, 03:29:15 AM GMT+5:30, Dinesh Prasanth Moluguwan Krishnamoorthy <dmoluguw at redhat.com> wrote:  
 
 Hi Nadeera,
What version of dogtag PKI are you trying to install? You are referring to PKI 10.5 docs. The latest release is 10.8.3

If you are using the latest packages, our docs are available in our upstream repo: https://github.com/dogtagpki/pki/tree/v10.8/docs
(see inline reply)

On Tue, May 19, 2020 at 9:22 AM Nadeera Galagedara <nadeeragalagedara at yahoo.com> wrote:

Dear all,
I am new to dogtag and I am installing a sub ca using the method described  in  https://www.dogtagpki.org/wiki/PKI_10.5_Installing_CA_with_External_CA_Signing_Certificate  . I want to know.
1) What is the parameter to change the Friendly Name
We do not use "Friendly Name". Instead, we use "nickname"To configure the nickname for CA signing certificate use:  pki_ca_signing_nickname=

2) What is the parameter to change the Country/Locality
This is set using subject dn. So, in your case specify the Country using this attribute: pki_ca_signing_subject_dn= 
3) Where (a page link ) I can find details about each of this configuration parameters.
I don't have a page that explains all the config parameters. But, I do have a page that can give you a list of parameters that you can use (since you mentioned 10.5, I'm listing the contents of 10.5 branch. Refer to the appropriate branch for an updated list)
https://github.com/dogtagpki/pki/blob/DOGTAG_10_5_BRANCH/base/server/etc/default.cfg
HTH
Regards,--Dinesh
 

Thank you.
_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20200520/fb9685f1/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Capture.JPG
Type: image/jpeg
Size: 19706 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20200520/fb9685f1/attachment.jpe>

More information about the Pki-devel mailing list