[Pki-users] change Root CA's Validity

David (Dave) Donnan david.donnan at thalesgroup.com
Mon Feb 15 14:57:05 UTC 2010 

Immediately after ‘yum install’ and before launching the following URL, 
in your Browser, run the following script,

 http://dogtag.x.y:9080/ca/admin/console/config/login?pin=wefcqIpLK76vmfs7Pjye 
<http://dogtag.theresis.thales:9080/ca/admin/console/config/login?pin=wefcqIpLK76vmfs7Pjye>

 Cdlt, Dave
--------
Erwin Himawan wrote:

> Dave,
>
> It is a good and useful script.  Where should the script be run? 
>  After creating pki-ca instance and prior to configuring the pki-ca 
> instance?
>
> Thanks,
> Erwin
>
> On Fri, Feb 12, 2010 at 6:06 AM, David (Dave) Donnan 
> <david.donnan at thalesgroup.com <mailto:david.donnan at thalesgroup.com>> 
> wrote:
>
>     Fu-Jyh Luo hello. This might be overkill but you're welcome to it.
>
>     I think the default cert expiry period with CMS is 2 years – way
>     too short. This script enables 7300 days = 20 years, rather.
>
>      
>
>     #!/bin/bash
>
>     #
>
>     # COMPONENT_NAME: ca-delta-range.sh
>
>     #
>
>     # HISTORY: Version 1.0 2008/10    Dave (David) Donnan
>
>     #
>
>      
>
>     cd /var/lib/pki-ca/profiles/ca
>
>     for file in *.cfg; do
>
>     echo $file
>
>     cp -p $file $file.pre7300
>
>     sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
>
>     chmod 755 $file
>
>     chown pkiuser:pkiuser $file
>
>     done
>
>      
>
>     cd /var/lib/pki-ca/conf
>
>     for file in *.profile; do
>
>     echo $file
>
>     cp -p $file $file.pre7300
>
>     sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
>
>     chmod 755 $file
>
>     chown pkiuser:pkiuser $file
>
>     done
>
>     # end
>
>      
>
>      
>
>     Similarly, I wrote kra-dra-delta-range.sh to be used later:
>
>      
>
>     #!/bin/bash
>
>     #
>
>     # COMPONENT_NAME: kra-dra-delta-range.sh
>
>     #
>
>     # HISTORY: Version 1.0 2008/10    Dave (David) Donnan Original
>
>     #
>
>     #
>
>      
>
>     cd /var/lib/pki-kra/conf
>
>     for file in *.profile; do
>
>     echo $file
>
>     cp -p $file $file.pre7300
>
>     sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
>
>     chmod 755 $file
>
>     chown pkiuser:pkiuser $file
>
>     done
>
>     # end
>
>     Fu-Jyh Luo wrote:
>>     Dear All,
>>
>>     I installed DogTag.  The default validity of ROOT CA is 2 years.  Is a way to change the ROOT CA's validity during the configuration wizard?
>>
>>     Thanks,
>>     Fu-Jyh Luo
>>
>>
>>           
>>
>>     _______________________________________________
>>     Pki-users mailing list
>>     Pki-users at redhat.com <mailto:Pki-users at redhat.com>
>>     https://www.redhat.com/mailman/listinfo/pki-users
>>
>>       
>
>
>     _______________________________________________
>     Pki-users mailing list
>     Pki-users at redhat.com <mailto:Pki-users at redhat.com>
>     https://www.redhat.com/mailman/listinfo/pki-users
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20100215/8119d972/attachment.htm>

More information about the Pki-users mailing list