[Pki-users] change Root CA's Validity
David (Dave) Donnan
david.donnan at thalesgroup.com
Mon Feb 15 14:57:05 UTC 2010
Immediately after ‘yum install’ and before launching the following URL,
in your Browser, run the following script,
http://dogtag.x.y:9080/ca/admin/console/config/login?pin=wefcqIpLK76vmfs7Pjye
<http://dogtag.theresis.thales:9080/ca/admin/console/config/login?pin=wefcqIpLK76vmfs7Pjye>
Cdlt, Dave
--------
Erwin Himawan wrote:
> Dave,
>
> It is a good and useful script. Where should the script be run?
> After creating pki-ca instance and prior to configuring the pki-ca
> instance?
>
> Thanks,
> Erwin
>
> On Fri, Feb 12, 2010 at 6:06 AM, David (Dave) Donnan
> <david.donnan at thalesgroup.com <mailto:david.donnan at thalesgroup.com>>
> wrote:
>
> Fu-Jyh Luo hello. This might be overkill but you're welcome to it.
>
> I think the default cert expiry period with CMS is 2 years – way
> too short. This script enables 7300 days = 20 years, rather.
>
>
>
> #!/bin/bash
>
> #
>
> # COMPONENT_NAME: ca-delta-range.sh
>
> #
>
> # HISTORY: Version 1.0 2008/10 Dave (David) Donnan
>
> #
>
>
>
> cd /var/lib/pki-ca/profiles/ca
>
> for file in *.cfg; do
>
> echo $file
>
> cp -p $file $file.pre7300
>
> sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
>
> chmod 755 $file
>
> chown pkiuser:pkiuser $file
>
> done
>
>
>
> cd /var/lib/pki-ca/conf
>
> for file in *.profile; do
>
> echo $file
>
> cp -p $file $file.pre7300
>
> sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
>
> chmod 755 $file
>
> chown pkiuser:pkiuser $file
>
> done
>
> # end
>
>
>
>
>
> Similarly, I wrote kra-dra-delta-range.sh to be used later:
>
>
>
> #!/bin/bash
>
> #
>
> # COMPONENT_NAME: kra-dra-delta-range.sh
>
> #
>
> # HISTORY: Version 1.0 2008/10 Dave (David) Donnan Original
>
> #
>
> #
>
>
>
> cd /var/lib/pki-kra/conf
>
> for file in *.profile; do
>
> echo $file
>
> cp -p $file $file.pre7300
>
> sed 's/range=[0-9]*/range=7300/' $file.pre7300 > $file
>
> chmod 755 $file
>
> chown pkiuser:pkiuser $file
>
> done
>
> # end
>
> Fu-Jyh Luo wrote:
>> Dear All,
>>
>> I installed DogTag. The default validity of ROOT CA is 2 years. Is a way to change the ROOT CA's validity during the configuration wizard?
>>
>> Thanks,
>> Fu-Jyh Luo
>>
>>
>>
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com <mailto:Pki-users at redhat.com>
>> https://www.redhat.com/mailman/listinfo/pki-users
>>
>>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com <mailto:Pki-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/pki-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20100215/8119d972/attachment.htm>
More information about the Pki-users
mailing list