[Pki-users] Generate certificate for proxy using a PKCS#7 as the CSR
Taggart, Michelle
mdemansana at philasd.org
Mon Jul 22 22:17:14 UTC 2013
I did see that. I tried to submit the CSR into the Manual Certificate Manager Signing Certificate Enrollment form but it keeps on failing, with the following message in the ee:
Certificate Profile
Sorry, your request has been rejected. The reason is "Request Rejected - {0}"
And here's the message/entry within the Agent page:
Request Information
Request ID: 35
Request Type: enrollment
Request Status: rejected
Requestor Host: null
Assigned To:
Creation Time: Mon Jul 22 18:12:09 EDT 2013
Modification Time: Mon Jul 22 18:12:09 EDT 2013
Certificate Profile Information
Certificate Profile Id: caCACert
Approved By: admin
Certificate Profile Name: Manual Certificate Manager Signing Certificate Enrollment
Certificate Profile Description: This certificate profile is for enrolling Certificate Authority certificates.
Additional Notes
Certificate Profile Inputs
Id Input Names Input Values
cert_request_type Certificate Request Type pkcs10
cert_request Certificate Request -----BEGIN CERTIFICATE REQUEST----- MIIB9DCCAV0CAQAwgYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJQQTEOMAwGA1UE BxMFUGhpbGExDDAKBgNVBAoTA1NEUDELMAkGA1UECxMCVFMxITAfBgNVBAMTGHBy b3h5LmNhLm5vYy5waGlsYXNkLm5ldDEfMB0GCSqGSIb3DQEJARYQdGVzdEBwaGls YXNkLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3KwR0oL7P3MMG7tT e6mjSEO2FeE48zUJXtUUpyKK+5NNQUiBSpt6R4yj4oKO8vfQ6Qdt3l6YGH8Ro33x TlccgPB1nWOPcaCPE5dC+l5+bigOEFVj1CtHA9iARnMqb2f4E1kSik4ZcI5pM+Q4 mogs4jVP/IIF9Go8gUy9vSQbnS0CAwEAAaAqMBIGCSqGSIb3DQEJAjEFFgNTRFAw FAYJKoZIhvcNAQkHMQcTBTEyMzQ1MA0GCSqGSIb3DQEBBQUAA4GBAAuRGYp7izMN cG9hPXjsKONLXNez05IVcvsgQLNkUXeuID88oXXW2CPHCLoA1mEf0A7I2zgAz4t3 FE7SOCFf3o5kkSrh4ZSsC//GJjmQfKYRRp9HC2o3hUDTTLnRp3ugiN6J6XfvSIyR OXeuevCypLnrbxnYdxUMLNCHiwbTCuf+ -----END CERTIFICATE REQUEST-----
requestor_name Requestor Name test
requestor_email Requestor Email test at philasd.net
requestor_phone Requestor Phone
I can't find any other reason for the rejection, is there a log file for it?
Thanks,
Michelle Taggart
x5166
----- Original Message -----
From: "Christina Fu" <cfu at redhat.com>
To: pki-users at redhat.com
Sent: Monday, July 22, 2013 6:03:05 PM
Subject: Re: [Pki-users] Generate certificate for proxy using a PKCS#7 as the CSR
On 07/22/2013 02:14 PM, Taggart, Michelle wrote:
> Hi Christina,
>
> I'm sorry for the confusion, let's skip the PKCS#7, I read the settings wrong ;)
>
> I'm actually trying to generate a certificate that is also an intermediary CA. Which Certificate Profile should best fit that need?
>
The "Manual Certificate Manager Signing Certificate Enrollment"
(caCACert profile) is for a generic CA signing cert enrollment. People
can customize it to fit their own site requirements.
For information on how to do that, you can check the documentation
(Admin guide specifically):
https://access.redhat.com/site/documentation/Red_Hat_Certificate_System/
Christina
>
> Thanks,
>
> Michelle Taggart
>
>
> ----- Original Message -----
> From: "Christina Fu"<cfu at redhat.com>
> To: pki-users at redhat.com
> Sent: Monday, July 22, 2013 4:56:16 PM
> Subject: Re: [Pki-users] Generate certificate for proxy using a PKCS#7 as the CSR
>
> Dogtag only supports CSR in the following formats:
> 1. CRMF
> 2. PKCS #10
> 3. CMC with either CRMF or PKCS #10
>
> I am not aware that a CSR can be represented in PKCS #7, but I always
> keep an open mind to learn new (or old) things, so I'd appreciate it if
> you can send us a reference link to the RFC that specifies such CSR
> representation using PKCS #7. If it gives us enough good reasons to
> support it, we will gladly consider supporting that in the future.
>
> Christina
>
> On 07/22/2013 11:47 AM, Taggart, Michelle wrote:
>> Hi,
>>
>> I'm working on getting a CSR approved through Dogtag 10.0.3 on Fedora Core 19. The CSR is in PKCS#7 format. I'm using the Manual Certificate Manager Signing Certificate Enrollment form since I need the certificate to be an intermediary CA. After submitting the form, I get an "Sorry, your request has been rejected. The reason is "Request Rejected - {0}" error. Any ideas on what's causing this?
>>
>>
>>
>> Thanks,
>>
>> Michelle Taggart
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list