[Pki-users] cloning a CA fails
Alexander Jung
alexander.w.jung at gmail.com
Tue Sep 13 15:39:14 UTC 2011
Hello,
in the meantime i got it working. The problem was the master CA setup: after
instantating the ca the certs have been replaced by the certs from another
instance - but the entires clone*.privkey.id had not been updated.
After recognizing this I only had to match the (unsigned) output of certutil
-K with the (signed) params in CS.cfg. I did this by inserting some
"System.out.println" into com.netscape.cmsutil.crypto.CryptoUtil
findPrivateKeyFromID() and patching the new .class-File into the .jar-file.
Watching the catalina.out while trying to clone the ca gave then all needed
infos.
Another fresh install after that completed without problems.
Yours,
Alexander Jung
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20110913/51fda76b/attachment.htm>
More information about the Pki-users
mailing list