[Pki-users] anyone had a challenge getting crts to publish to the file system?

Kashyap Chamarthy kchamart at redhat.com
Mon Feb 21 06:54:14 UTC 2011


On 02/20/2011 01:26 AM, Dave Augustus wrote:
> I have a brand new install on Centos 5.5 64.
>
> I can't get it to publish certs to the file system, only LDAP. In pkiconsole, when I first
> access the Publishing area, I get an error message about not being authorized. I am using
> the CA admin account to do this.

Dave,
It'd be more helpful here if you can provide the log info (CA debug log ideally) when you
see this.
>
> Any ideas?

Though I'm not sure at this point what's blocking you, I was previously able to
publish certs (and CRLs) to the file system successfully using the procedure below:

---------------------------------------------------------------------------------------
1/ Configure CA

2/ Fire up pkiconsole, go to 'Publishing'

3/ Configure a file-based 'Publisher'
	+ Add a 'FileBasedPublisher' (say with id 'filepub') with the directory
'/var/lib/pki-ca/filepublishing'

Note: Make sure to create this directory 'filepublishing' under the /var/lib/pki* tree, so that
SELinux doesn't complain. If you're creating this directory elsewhere on the file system,
be sure to relabel your SELinux context.

4/ Configure 'Rules'
    + Add a new 'Rule' (say "filerule") and select the type as 'certs', mapper as 'NoMap',
and publisher as 'filepub' (the one we created in step 3 above)

5/ Enable Publishing in pkiconsole

6/ Restart CA instance (do not miss this)
----------------------------------------------------------------------------------------

Now, new certs should be published to your '/var/lib/pki-ca/filepublishing' directory.

Hope that helps.



>
> Thanks,
> Dave
>


-- 
/kashyap
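
A pre-flight check for the publisher directory from step 3 and the SELinux note above, as an added example that is not part of the original post. The function names, the return codes and the rule that the directory's SELinux type should match the type of the instance tree are assumptions of this example.

```sh
#!/bin/sh
# Added example: pre-flight checks for a FileBasedPublisher target directory.
# Run as the account the CA instance runs under so the -w test is meaningful.

# in_tree DIR ROOT: succeed if DIR (symlinks resolved) lies below ROOT.
in_tree() {
    d=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    r=$(cd "$2" 2>/dev/null && pwd -P) || return 1
    case "$d/" in
        "$r"/?*) return 0 ;;
        *)       return 1 ;;
    esac
}

# selinux_type PATH: print the type field of PATH's SELinux context.
selinux_type() {
    stat -c %C "$1" 2>/dev/null | cut -d: -f3
}

# check_publish_dir DIR [ROOT]
# Return codes (chosen for this example): 0 ok, 1 not a directory,
# 2 not writable/searchable, 4 SELinux type differs from ROOT's type.
check_publish_dir() {
    dir=$1
    root=${2:-/var/lib/pki-ca}    # instance tree named in the post

    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory" >&2; return 1; }
    if ! [ -w "$dir" ] || ! [ -x "$dir" ]; then
        echo "FAIL: $dir is not writable by $(id -un)" >&2
        return 2
    fi
    in_tree "$dir" "$root" ||
        echo "NOTE: $dir is outside $root and may need relabeling" >&2

    # Compare labels only where SELinux is active. Assumption: the right
    # type for the publishing directory is the one ROOT itself carries.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        want=$(selinux_type "$root")
        have=$(selinux_type "$dir")
        if [ -n "$want" ] && [ "$want" != "$have" ]; then
            echo "FAIL: $dir has type '$have', expected '$want'" >&2
            return 4
        fi
    fi
    echo "OK: $dir"
}

if [ $# -gt 0 ]; then check_publish_dir "$@"; fi
```

Saved to a file, it takes the publishing directory as its first argument and, optionally, the instance tree as its second.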
