[Pki-users] cloning a CA fails

Alexander Jung alexander.w.jung at gmail.com
Wed Sep 14 08:19:40 UTC 2011


ok,

find my howto at
http://pki.fedoraproject.org/wiki/Fix_clone*.privkey.id_entries_in_CS.cfg_to_reenable_cloning

Kind regards,

Alexander Jung


2011/9/13 Andrew Wnuk <awnuk at redhat.com>

> Hi Alexander,
>
> Would you be kind enough to add your solution to Dogtag's "How Tos"?
> http://pki.fedoraproject.org/wiki/PKI_How_To
>
> Thank you,
> Andrew
>
>
>
> On 09/13/2011 08:39 AM, Alexander Jung wrote:
>
> Hello,
>
> in the meantime I got it working. The problem was the master CA setup:
> after instantiating the CA the certs have been replaced by the certs from
> another instance - but the entries clone*.privkey.id had not been updated.
>
> After recognizing this I only had to match the (unsigned) output of
> certutil -K with the (signed) params in CS.cfg. I did this by inserting some
> "System.out.println" into com.netscape.cmsutil.crypto.CryptoUtil
> findPrivateKeyFromID() and patching the new .class file into the .jar file.
> Watching the catalina.out while trying to clone the CA then gave all the
> needed info.
>
> Another fresh install after that completed without problems.
>
> Yours,
>
> Alexander Jung
>
>
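The matching step described in the quoted message, as an added example that is not part of the thread or of Dogtag's code. It assumes the CS.cfg value is a signed hexadecimal integer (the form Java's `BigInteger.toString(16)` produces) and that `certutil -K` prints 20-byte key IDs as unsigned hex; the sample config keys, key IDs and nicknames are constructed.

```python
import re

KEY_ID_BYTES = 20  # assumption: key IDs are 20 bytes (40 hex digits in certutil -K)

def to_unsigned(signed_hex, nbytes=KEY_ID_BYTES):
    """Signed hex integer (CS.cfg form) -> zero-padded unsigned hex (certutil -K form)."""
    n = int(signed_hex, 16)
    if not -(1 << (8 * nbytes - 1)) <= n < (1 << (8 * nbytes)):
        raise ValueError(f"{signed_hex!r} does not fit in {nbytes} bytes")
    return format(n % (1 << (8 * nbytes)), f"0{2 * nbytes}x")

def to_signed(unsigned_hex, nbytes=KEY_ID_BYTES):
    """Unsigned hex key ID -> two's-complement signed hex integer."""
    n = int(unsigned_hex, 16)
    if n >= 1 << (8 * nbytes - 1):  # top bit set: negative when read as signed
        n -= 1 << (8 * nbytes)
    return format(n, "x")

def check_privkey_ids(cs_cfg, certutil_k):
    """Map each *.privkey.id entry to the NSS nickname holding that key, or None."""
    in_db = {m.group(1).lower(): m.group(2).strip() for m in
             re.finditer(r"^<\s*\d+>\s+\S+\s+([0-9a-fA-F]{40})\s+(.+)$", certutil_k, re.M)}
    result = {}
    for m in re.finditer(r"^(\S+\.privkey\.id)=(-?[0-9a-fA-F]+)\s*$", cs_cfg, re.M):
        result[m.group(1)] = in_db.get(to_unsigned(m.group(2)))
    return result

# Constructed sample data (not from the thread); names and IDs are placeholders.
SAMPLE_CERTUTIL_K = """\
< 0> rsa      f3a1c0de00112233445566778899aabbccddeeff   caSigningCert sample
< 1> rsa      00001234567890abcdef00112233445566778899   subsystemCert sample
"""
SAMPLE_CS_CFG = """\
cloning.signing.privkey.id=-c5e3f21ffeeddccbbaa99887766554433221101
cloning.subsystem.privkey.id=1234567890abcdef00112233445566778899
cloning.ocsp_signing.privkey.id=-1
"""

if __name__ == "__main__":
    for key, nick in check_privkey_ids(SAMPLE_CS_CFG, SAMPLE_CERTUTIL_K).items():
        print(f"{key}: {nick or 'NO MATCHING KEY in NSS database (stale entry)'}")
```

An entry that maps to no nickname is the stale case from the thread: the config still names a key that is no longer in the instance's NSS database.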