From dpartridge at tangible.net Tue Aug 4 09:59:44 2009 From: dpartridge at tangible.net (David Partridge) Date: Tue, 4 Aug 2009 05:59:44 -0400 Subject: [Pki-users] smartcard purchase In-Reply-To: References: Message-ID: <2F3DC4D41FA5994686AFFC36F1D661BE023CCD99@wolverine.tangiblesoftware.com> It is also my understanding that only specific vendor/model #'s of smartcards are interoperable with DogTag. Does anyone have list of vendor/card model #'s that have been tested and function without customization of install? David M. Partridge _____ From: Brown, Chris [mailto:cjbrown at mitre.org] Sent: Wednesday, July 29, 2009 2:37 PM To: pki-users at redhat.com Subject: [Pki-users] smartcard purchase When purchasing smartcards for use with the DogTag system, is it necessary to purchase the middleware and card mgmt software that vendors also offer? Since DogTag offers this I would guess not, but wanted to make sure. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5247 bytes Desc: not available URL: From ckannan at redhat.com Tue Aug 4 14:08:41 2009 From: ckannan at redhat.com (Chandrasekar Kannan) Date: Tue, 4 Aug 2009 10:08:41 -0400 (EDT) Subject: [Pki-users] smartcard purchase In-Reply-To: <2F3DC4D41FA5994686AFFC36F1D661BE023CCD99@wolverine.tangiblesoftware.com> Message-ID: <683688645.1877031249394921872.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> ----- "David Partridge" wrote: > It is also my understanding that only specific vendor/model #?s of > smartcards are interoperable with DogTag. Does anyone have list of > vendor/card model #?s that have been tested and function without > customization of install? afaik, these are the ones tested to work.. *Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key *Gemalto Cyberflex e-gate 32K token (Red Hat Enterprise Linux only) *Safenet 330J Java smart card Hope that helps. > > > > > David M. Partridge > > > > > > > > From: Brown, Chris [mailto:cjbrown at mitre.org] > Sent: Wednesday, July 29, 2009 2:37 PM > To: pki-users at redhat.com > Subject: [Pki-users] smartcard purchase > > > > When purchasing smartcards for use with the DogTag system, is it > necessary to purchase the middleware and card mgmt software that > vendors also offer? Since DogTag offers this I would guess not, but > wanted to make sure. Thanks. > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Chandrasekar Kannan -- ckannan at redhat.com Quality Engineering -- http://www.redhat.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From dpartridge at tangible.net Tue Aug 4 17:40:16 2009 From: dpartridge at tangible.net (David Partridge) Date: Tue, 4 Aug 2009 13:40:16 -0400 Subject: [Pki-users] smartcard purchase In-Reply-To: <683688645.1877031249394921872.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> References: <2F3DC4D41FA5994686AFFC36F1D661BE023CCD99@wolverine.tangiblesoftware.com> <683688645.1877031249394921872.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> Message-ID: <2F3DC4D41FA5994686AFFC36F1D661BE01BFED84@wolverine.tangiblesoftware.com> Thanks David M. Partridge Tangible Senior Identity Management and Security Engineer 2010 Corporate Ridge Suite 620 McLean, Virginia 22102 Office 800-913-9901 x 3001 Mobile 571-286-9628 Fax 703-288-1226 dpartridge at tangible.net |-----Original Message----- |From: Chandrasekar Kannan [mailto:ckannan at redhat.com] |Sent: Tuesday, August 04, 2009 10:09 AM |To: David Partridge |Cc: Chris Brown; pki-users at redhat.com |Subject: Re: [Pki-users] smartcard purchase | | |----- "David Partridge" wrote: | |> It is also my understanding that only specific vendor/model #'s of |> smartcards are interoperable with DogTag. Does anyone have list of |> vendor/card model #'s that have been tested and function without |> customization of install? | |afaik, these are the ones tested to work.. | | *Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey |USB form factor key | *Gemalto Cyberflex e-gate 32K token (Red Hat Enterprise Linux only) | *Safenet 330J Java smart card | |Hope that helps. | |> |> |> |> |> David M. Partridge |> |> |> |> |> |> |> |> From: Brown, Chris [mailto:cjbrown at mitre.org] |> Sent: Wednesday, July 29, 2009 2:37 PM |> To: pki-users at redhat.com |> Subject: [Pki-users] smartcard purchase |> |> |> |> When purchasing smartcards for use with the DogTag system, is it |> necessary to purchase the middleware and card mgmt software that |> vendors also offer? Since DogTag offers this I would guess not, but |> wanted to make sure. Thanks. |> _______________________________________________ |> Pki-users mailing list |> Pki-users at redhat.com |> https://www.redhat.com/mailman/listinfo/pki-users | |-- | | |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |Chandrasekar Kannan -- ckannan at redhat.com |Quality Engineering -- http://www.redhat.com |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From satish at suburbia.org.au Tue Aug 4 18:47:01 2009 From: satish at suburbia.org.au (Satish Chetty) Date: Tue, 04 Aug 2009 11:47:01 -0700 Subject: [Pki-users] smartcard purchase In-Reply-To: <683688645.1877031249394921872.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> References: <683688645.1877031249394921872.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> Message-ID: <4A788225.3090209@suburbia.org.au> Hi Chandra, On 08/04/2009 07:08 AM, Chandrasekar Kannan wrote: > ----- "David Partridge" wrote: > >> It is also my understanding that only specific vendor/model #?s of >> smartcards are interoperable with DogTag. Does anyone have list of >> vendor/card model #?s that have been tested and function without >> customization of install? > > afaik, these are the ones tested to work.. > > *Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key > *Gemalto Cyberflex e-gate 32K token (Red Hat Enterprise Linux only) > *Safenet 330J Java smart card I could not find 330j cards. Can the 330m be substituted instead? http://www.safenet-inc.com/products/tokens/products_sc_330m.asp Thanks, -Satish. > > Hope that helps. > >> >> >> >> David M. Partridge >> >> >> >> >> >> >> >> From: Brown, Chris [mailto:cjbrown at mitre.org] >> Sent: Wednesday, July 29, 2009 2:37 PM >> To: pki-users at redhat.com >> Subject: [Pki-users] smartcard purchase >> >> >> >> When purchasing smartcards for use with the DogTag system, is it >> necessary to purchase the middleware and card mgmt software that >> vendors also offer? Since DogTag offers this I would guess not, but >> wanted to make sure. Thanks. >> _______________________________________________ >> Pki-users mailing list >> Pki-users at redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users > From lawrence.j.melton at ugov.gov Thu Aug 13 20:50:03 2009 From: lawrence.j.melton at ugov.gov (Lawrence J Melton) Date: Thu, 13 Aug 2009 20:50:03 +0000 (GMT+00:00) Subject: [Pki-users] smartcard purchase In-Reply-To: <1011822577.1089121250196578741.JavaMail.root@linzimmb01o.imo.intelink.gov> Message-ID: <1386593584.1089171250196603335.JavaMail.root@linzimmb01o.imo.intelink.gov> It depends on what you mean by "for use with the DogTag system". If you want tokens for your end users, the Gemalto Cyberflex e-gate 32k token, Safenet model 330, and iKey 2000 (USB fob with same chip as the model 330) or iKey 2032 (same as the iKey 2000 with 32k memory) work great. I've never tried using a token for authenticating to Dogtag, but my understanding was if you can a token to work with mozilla, you should be able to get it to work with Dogtag. Yes, you'll need the middleware and card management software. The end user will need the middleware, and the sysadmins will need both. I didn't know that DogTag included middleware, but then it's been a year since I downloaded it. Larry ----- Original Message ----- From: "Satish Chetty" To: "Chandrasekar Kannan" Cc: "David Partridge" , pki-users at redhat.com Sent: Tuesday, August 4, 2009 2:47:01 PM GMT -05:00 US/Canada Eastern Subject: Re: [Pki-users] smartcard purchase Hi Chandra, On 08/04/2009 07:08 AM, Chandrasekar Kannan wrote: > ----- "David Partridge" wrote: > >> It is also my understanding that only specific vendor/model #?s of >> smartcards are interoperable with DogTag. Does anyone have list of >> vendor/card model #?s that have been tested and function without >> customization of install? > > afaik, these are the ones tested to work.. > > *Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key > *Gemalto Cyberflex e-gate 32K token (Red Hat Enterprise Linux only) > *Safenet 330J Java smart card I could not find 330j cards. Can the 330m be substituted instead? http://www.safenet-inc.com/products/tokens/products_sc_330m.asp Thanks, -Satish. > > Hope that helps. > >> >> >> >> David M. Partridge >> >> >> >> >> >> >> >> From: Brown, Chris [mailto:cjbrown at mitre.org] >> Sent: Wednesday, July 29, 2009 2:37 PM >> To: pki-users at redhat.com >> Subject: [Pki-users] smartcard purchase >> >> >> >> When purchasing smartcards for use with the DogTag system, is it >> necessary to purchase the middleware and card mgmt software that >> vendors also offer? Since DogTag offers this I would guess not, but >> wanted to make sure. Thanks. >> _______________________________________________ >> Pki-users mailing list >> Pki-users at redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users > _______________________________________________ Pki-users mailing list Pki-users at redhat.com https://www.redhat.com/mailman/listinfo/pki-users From dpartridge at tangible.net Thu Aug 13 21:01:35 2009 From: dpartridge at tangible.net (David Partridge) Date: Thu, 13 Aug 2009 17:01:35 -0400 Subject: [Pki-users] smartcard purchase In-Reply-To: <1386593584.1089171250196603335.JavaMail.root@linzimmb01o.imo.intelink.gov> References: <1011822577.1089121250196578741.JavaMail.root@linzimmb01o.imo.intelink.gov> <1386593584.1089171250196603335.JavaMail.root@linzimmb01o.imo.intelink.gov> Message-ID: <2F3DC4D41FA5994686AFFC36F1D661BE02434A34@wolverine.tangiblesoftware.com> Desire is for off the shelf token that has been validated as interoperable with all components within Dogtag family of systems. Specifically looking at TPS, TKS and ESC client interoperability with the token. David |-----Original Message----- |From: Lawrence J Melton [mailto:lawrence.j.melton at ugov.gov] |Sent: Thursday, August 13, 2009 4:50 PM |To: Satish Chetty |Cc: David Partridge; pki-users at redhat.com; Chandrasekar Kannan |Subject: Re: [Pki-users] smartcard purchase | |It depends on what you mean by "for use with the DogTag system". If you |want tokens for your end users, the Gemalto Cyberflex e-gate 32k token, |Safenet model 330, and iKey 2000 (USB fob with same chip as the model 330) |or iKey 2032 (same as the iKey 2000 with 32k memory) work great. I've |never tried using a token for authenticating to Dogtag, but my |understanding was if you can a token to work with mozilla, you should be |able to get it to work with Dogtag. | |Yes, you'll need the middleware and card management software. The end user |will need the middleware, and the sysadmins will need both. I didn't know |that DogTag included middleware, but then it's been a year since I |downloaded it. | |Larry | |----- Original Message ----- |From: "Satish Chetty" |To: "Chandrasekar Kannan" |Cc: "David Partridge" , pki-users at redhat.com |Sent: Tuesday, August 4, 2009 2:47:01 PM GMT -05:00 US/Canada Eastern |Subject: Re: [Pki-users] smartcard purchase | |Hi Chandra, | | |On 08/04/2009 07:08 AM, Chandrasekar Kannan wrote: |> ----- "David Partridge" wrote: |> |>> It is also my understanding that only specific vendor/model #'s of |>> smartcards are interoperable with DogTag. Does anyone have list of |>> vendor/card model #'s that have been tested and function without |>> customization of install? |> |> afaik, these are the ones tested to work.. |> |> *Gemalto TOP IM FIPS CY2 64K token, both as a smart card and |GemPCKey USB form factor key |> *Gemalto Cyberflex e-gate 32K token (Red Hat Enterprise Linux only) |> *Safenet 330J Java smart card | | I could not find 330j cards. Can the 330m be substituted instead? |http://www.safenet-inc.com/products/tokens/products_sc_330m.asp | | | |Thanks, |-Satish. |> |> Hope that helps. |> |>> |>> |>> |>> David M. Partridge |>> |>> |>> |>> |>> |>> |>> |>> From: Brown, Chris [mailto:cjbrown at mitre.org] |>> Sent: Wednesday, July 29, 2009 2:37 PM |>> To: pki-users at redhat.com |>> Subject: [Pki-users] smartcard purchase |>> |>> |>> |>> When purchasing smartcards for use with the DogTag system, is it |>> necessary to purchase the middleware and card mgmt software that |>> vendors also offer? Since DogTag offers this I would guess not, but |>> wanted to make sure. Thanks. |>> _______________________________________________ |>> Pki-users mailing list |>> Pki-users at redhat.com |>> https://www.redhat.com/mailman/listinfo/pki-users |> | |_______________________________________________ |Pki-users mailing list |Pki-users at redhat.com |https://www.redhat.com/mailman/listinfo/pki-users From cjbrown at mitre.org Thu Aug 27 12:41:36 2009 From: cjbrown at mitre.org (Brown, Chris) Date: Thu, 27 Aug 2009 08:41:36 -0400 Subject: [Pki-users] ESC and Microsoft CSP Message-ID: All, According to the documentation, when the ESC is installed the corresponding CSP is also installed. Also, the smartcard keys should show up in the CAPI personal store automatically when the card is inserted. I am not seeing this behavior, so the smartcard is not available to applications which rely on CAPI. Has anyone else observed this? How could I debug? SMART CARD DIAGNOSTICS REPORT ***Software Version Information*** Smart Card Manager Version: 1.1.0-0 System Versions: mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.8.0.4) gecko/20071025 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3513 bytes Desc: not available URL: From rashmeepawar at gmail.com Sun Aug 30 08:12:01 2009 From: rashmeepawar at gmail.com (Rashmi Pawar) Date: Sun, 30 Aug 2009 13:42:01 +0530 Subject: [Pki-users] Dogtag Installation on FC6 Message-ID: <816962df0908300112t6ca5b2at2b79ae587ba32d98@mail.gmail.com> Hi I am new to the Dogtag Certificate system. I have to install the dogtag certificate system on fedora core 6. I would appreciate help from pki-users who have successfully installed and are runing dogtag certificate system on linux. I read the explanantion on dogtag on http://pki.fedoraproject.org/wiki/PKI_Main_Page yet I have some questions before starting the installation. Following are the questions: 1. Do I have to install and run Apache service on the system on which I am going to implement dogtag? 2. I am confused about the configuration of all the PKI subsystems like CA,RA,DRM...etc. In the http://pki.fedoraproject.org/wiki/PKI_Main_Page the configuration of all subsyems is given but I dont understand from where do I get the configuration URL for each subsystem. 3. I have to integrate the setup with Checkpoint, so need steps on the integration. I would appreciate if someone who has implemented dogtag would provide me easy steps to install dogtag on fedora core 6. Thanks & Regards, Rashmi -------------- next part -------------- An HTML attachment was scrubbed... URL: From ckannan at redhat.com Sun Aug 30 14:30:03 2009 From: ckannan at redhat.com (Chandrasekar Kannan) Date: Sun, 30 Aug 2009 07:30:03 -0700 Subject: [Pki-users] Dogtag Installation on FC6 In-Reply-To: <816962df0908300112t6ca5b2at2b79ae587ba32d98@mail.gmail.com> References: <816962df0908300112t6ca5b2at2b79ae587ba32d98@mail.gmail.com> Message-ID: <4A9A8CEB.1080404@redhat.com> On 08/30/2009 01:12 AM, Rashmi Pawar wrote: > Hi > I am new to the Dogtag Certificate system. I have to install the > dogtag certificate system on fedora core 6. I would appreciate help > from pki-users who have successfully installed and are runing dogtag > certificate system on linux. > I read the explanantion on dogtag on > http://pki.fedoraproject.org/wiki/PKI_Main_Page yet I have some > questions before starting the installation. Following are the questions: > 1. Do I have to install and run Apache service on the system on > which I am going to implement dogtag? not unless you need pki-tps or pki-ra subsystems. For pki-ca, pki-tks, pki-ocsp, pki-kra you just need tomcat5. > 2. I am confused about the configuration of all the PKI subsystems > like CA,RA,DRM...etc. In the > http://pki.fedoraproject.org/wiki/PKI_Main_Page the configuration of > all subsyems is given but I dont understand from where do I get the > configuration URL for each subsystem. for example, once you run yum install pki-ca, the rpm post install scripts run /usr/bin/pkicreate utility to create the default instance. Upon creation of this default instance, pkicreate spits out the url for configuration. > 3. I have to integrate the setup with Checkpoint, so need steps on the > integration. no idea. > I would appreciate if someone who has implemented dogtag would provide > me easy steps to install dogtag on fedora core 6. > Thanks & Regards, > Rashmi > ------------------------------------------------------------------------ > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rashmeepawar at gmail.com Mon Aug 31 08:20:02 2009 From: rashmeepawar at gmail.com (Rashmi Pawar) Date: Mon, 31 Aug 2009 13:50:02 +0530 Subject: [Pki-users] Re: Pki-users Digest, Vol 18, Issue 6 In-Reply-To: <20090830160006.0741F6188FC@hormel.redhat.com> References: <20090830160006.0741F6188FC@hormel.redhat.com> Message-ID: <816962df0908310120j567fe71ap899468073a2162e4@mail.gmail.com> Hi Chandrasekar, Thank you for your reply. One quick question..As you said i dont need to install and run Apache if pki-tps and pki-ra subsystems are not installed...My question is even if i am not installing pki-ra and pki-tps subsystems can i still go with apache? Regards, Rashmi Pawar On Sun, Aug 30, 2009 at 9:30 PM, wrote: > Send Pki-users mailing list submissions to > pki-users at redhat.com > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/pki-users > or, via email, send a message with subject or body 'help' to > pki-users-request at redhat.com > > You can reach the person managing the list at > pki-users-owner at redhat.com > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Pki-users digest..." > > > Today's Topics: > > 1. Dogtag Installation on FC6 (Rashmi Pawar) > 2. Re: Dogtag Installation on FC6 (Chandrasekar Kannan) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 30 Aug 2009 13:42:01 +0530 > From: Rashmi Pawar > Subject: [Pki-users] Dogtag Installation on FC6 > To: pki-users at redhat.com > Message-ID: > <816962df0908300112t6ca5b2at2b79ae587ba32d98 at mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Hi > > I am new to the Dogtag Certificate system. I have to install the dogtag > certificate system on fedora core 6. I would appreciate help from pki-users > who have successfully installed and are runing dogtag certificate system on > linux. > I read the explanantion on dogtag on > http://pki.fedoraproject.org/wiki/PKI_Main_Page yet I have some questions > before starting the installation. Following are the questions: > > 1. Do I have to install and run Apache service on the system on which I am > going to implement dogtag? > 2. I am confused about the configuration of all the PKI subsystems like > CA,RA,DRM...etc. In the http://pki.fedoraproject.org/wiki/PKI_Main_Pagethe > configuration of all subsyems is given but I dont understand from where do > I > get the configuration URL for each subsystem. > 3. I have to integrate the setup with Checkpoint, so need steps on the > integration. > > I would appreciate if someone who has implemented dogtag would provide me > easy steps to install dogtag on fedora core 6. > > Thanks & Regards, > Rashmi > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > https://www.redhat.com/archives/pki-users/attachments/20090830/86c17a72/attachment.html > > ------------------------------ > > Message: 2 > Date: Sun, 30 Aug 2009 07:30:03 -0700 > From: Chandrasekar Kannan > Subject: Re: [Pki-users] Dogtag Installation on FC6 > To: Rashmi Pawar > Cc: pki-users at redhat.com > Message-ID: <4A9A8CEB.1080404 at redhat.com> > Content-Type: text/plain; charset="iso-8859-1" > > On 08/30/2009 01:12 AM, Rashmi Pawar wrote: > > Hi > > I am new to the Dogtag Certificate system. I have to install the > > dogtag certificate system on fedora core 6. I would appreciate help > > from pki-users who have successfully installed and are runing dogtag > > certificate system on linux. > > I read the explanantion on dogtag on > > http://pki.fedoraproject.org/wiki/PKI_Main_Page yet I have some > > questions before starting the installation. Following are the questions: > > 1. Do I have to install and run Apache service on the system on > > which I am going to implement dogtag? > > not unless you need pki-tps or pki-ra subsystems. For pki-ca, pki-tks, > pki-ocsp, pki-kra you just need tomcat5. > > > 2. I am confused about the configuration of all the PKI subsystems > > like CA,RA,DRM...etc. In the > > http://pki.fedoraproject.org/wiki/PKI_Main_Page the configuration of > > all subsyems is given but I dont understand from where do I get the > > configuration URL for each subsystem. > > for example, once you run yum install pki-ca, the rpm post install > scripts run /usr/bin/pkicreate utility to create the default instance. > Upon creation of this default instance, pkicreate spits out the url for > configuration. > > > > 3. I have to integrate the setup with Checkpoint, so need steps on the > > integration. > no idea. > > > I would appreciate if someone who has implemented dogtag would provide > > me easy steps to install dogtag on fedora core 6. > > Thanks & Regards, > > Rashmi > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > https://www.redhat.com/archives/pki-users/attachments/20090830/573d26cb/attachment.html > > ------------------------------ > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > > > End of Pki-users Digest, Vol 18, Issue 6 > **************************************** > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ckannan at redhat.com Mon Aug 31 12:23:48 2009 From: ckannan at redhat.com (Chandrasekar Kannan) Date: Mon, 31 Aug 2009 05:23:48 -0700 Subject: [Pki-users] Re: Pki-users Digest, Vol 18, Issue 6 In-Reply-To: <816962df0908310120j567fe71ap899468073a2162e4@mail.gmail.com> References: <20090830160006.0741F6188FC@hormel.redhat.com> <816962df0908310120j567fe71ap899468073a2162e4@mail.gmail.com> Message-ID: <4A9BC0D4.9090403@redhat.com> On 08/31/2009 01:20 AM, Rashmi Pawar wrote: > Hi Chandrasekar, > Thank you for your reply. > One quick question..As you said i dont need to install and run Apache > if pki-tps and pki-ra subsystems are not installed...My question is > even if i am not installing pki-ra and pki-tps subsystems can i still > go with apache? can u explain what you will use apache for .. in this case ?.. > Regards, > Rashmi Pawar > On Sun, Aug 30, 2009 at 9:30 PM, > wrote: > > Send Pki-users mailing list submissions to > pki-users at redhat.com > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/pki-users > or, via email, send a message with subject or body 'help' to > pki-users-request at redhat.com > > You can reach the person managing the list at > pki-users-owner at redhat.com > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Pki-users digest..." > > > Today's Topics: > > 1. Dogtag Installation on FC6 (Rashmi Pawar) > 2. Re: Dogtag Installation on FC6 (Chandrasekar Kannan) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 30 Aug 2009 13:42:01 +0530 > From: Rashmi Pawar > > Subject: [Pki-users] Dogtag Installation on FC6 > To: pki-users at redhat.com > Message-ID: > <816962df0908300112t6ca5b2at2b79ae587ba32d98 at mail.gmail.com > > > Content-Type: text/plain; charset="iso-8859-1" > > Hi > > I am new to the Dogtag Certificate system. I have to install the > dogtag > certificate system on fedora core 6. I would appreciate help from > pki-users > who have successfully installed and are runing dogtag certificate > system on > linux. > I read the explanantion on dogtag on > http://pki.fedoraproject.org/wiki/PKI_Main_Page yet I have some > questions > before starting the installation. Following are the questions: > > 1. Do I have to install and run Apache service on the system on > which I am > going to implement dogtag? > 2. I am confused about the configuration of all the PKI subsystems > like > CA,RA,DRM...etc. In the > http://pki.fedoraproject.org/wiki/PKI_Main_Page the > configuration of all subsyems is given but I dont understand from > where do I > get the configuration URL for each subsystem. > 3. I have to integrate the setup with Checkpoint, so need steps on the > integration. > > I would appreciate if someone who has implemented dogtag would > provide me > easy steps to install dogtag on fedora core 6. > > Thanks & Regards, > Rashmi > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > https://www.redhat.com/archives/pki-users/attachments/20090830/86c17a72/attachment.html > > ------------------------------ > > Message: 2 > Date: Sun, 30 Aug 2009 07:30:03 -0700 > From: Chandrasekar Kannan > > Subject: Re: [Pki-users] Dogtag Installation on FC6 > To: Rashmi Pawar > > Cc: pki-users at redhat.com > Message-ID: <4A9A8CEB.1080404 at redhat.com > > > Content-Type: text/plain; charset="iso-8859-1" > > On 08/30/2009 01:12 AM, Rashmi Pawar wrote: > > Hi > > I am new to the Dogtag Certificate system. I have to install the > > dogtag certificate system on fedora core 6. I would appreciate help > > from pki-users who have successfully installed and are runing dogtag > > certificate system on linux. > > I read the explanantion on dogtag on > > http://pki.fedoraproject.org/wiki/PKI_Main_Page yet I have some > > questions before starting the installation. Following are the > questions: > > 1. Do I have to install and run Apache service on the system on > > which I am going to implement dogtag? > > not unless you need pki-tps or pki-ra subsystems. For pki-ca, pki-tks, > pki-ocsp, pki-kra you just need tomcat5. > > > 2. I am confused about the configuration of all the PKI subsystems > > like CA,RA,DRM...etc. In the > > http://pki.fedoraproject.org/wiki/PKI_Main_Page the configuration of > > all subsyems is given but I dont understand from where do I get the > > configuration URL for each subsystem. > > for example, once you run yum install pki-ca, the rpm post install > scripts run /usr/bin/pkicreate utility to create the default instance. > Upon creation of this default instance, pkicreate spits out the > url for > configuration. > > > > 3. I have to integrate the setup with Checkpoint, so need steps > on the > > integration. > no idea. > > > I would appreciate if someone who has implemented dogtag would > provide > > me easy steps to install dogtag on fedora core 6. > > Thanks & Regards, > > Rashmi > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Pki-users mailing list > > Pki-users at redhat.com > > https://www.redhat.com/mailman/listinfo/pki-users > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > https://www.redhat.com/archives/pki-users/attachments/20090830/573d26cb/attachment.html > > ------------------------------ > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > > > End of Pki-users Digest, Vol 18, Issue 6 > **************************************** > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmagne at redhat.com Mon Aug 31 21:41:20 2009 From: jmagne at redhat.com (John Magne) Date: Mon, 31 Aug 2009 17:41:20 -0400 (EDT) Subject: [Pki-users] ESC and Microsoft CSP In-Reply-To: <2032155462.470511251754697261.JavaMail.root@zmail06.collab.prod.int.phx2.redhat.com> Message-ID: <67826241.470601251754880902.JavaMail.root@zmail06.collab.prod.int.phx2.redhat.com> Check to see if you have something in the following registry key: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/CoolKey PKCS#11 CSP If not perhaps you are running with an older test version of the CS product that did not install the CSP. Upgrading the client to CS 7.3 or 8.0 should do the trick. ----- Original Message ----- From: "Chris Brown" To: pki-users at redhat.com Sent: Thursday, August 27, 2009 5:41:36 AM GMT -08:00 US/Canada Pacific Subject: [Pki-users] ESC and Microsoft CSP All, According to the documentation, when the ESC is installed the corresponding CSP is also installed. Also, the smartcard keys should show up in the CAPI personal store automatically when the card is inserted. I am not seeing this behavior, so the smartcard is not available to applications which rely on CAPI. Has anyone else observed this? How could I debug? SMART CARD DIAGNOSTICS REPORT ***Software Version Information*** Smart Card Manager Version: 1.1.0-0 System Versions: mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.8.0.4) gecko/20071025 _______________________________________________ Pki-users mailing list Pki-users at redhat.com https://www.redhat.com/mailman/listinfo/pki-users