[Pki-users] Pki-users Digest, Vol 76, Issue 1
sbernst at gmail.com
sbernst at gmail.com
Tue Jul 1 19:10:04 UTC 2014
Christina,
Thank you so much for the help! :-)
Steven
From: pki-users-request at redhat.com
Sent: Tuesday, July 1, 2014 11:00 AM
To: pki-users at redhat.com
Send Pki-users mailing list submissions to
pki-users at redhat.com
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/pki-users
or, via email, send a message with subject or body 'help' to
pki-users-request at redhat.com
You can reach the person managing the list at
pki-users-owner at redhat.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Pki-users digest..."
Today's Topics:
1. Re: ECC entity certificate signing and Dogtag (Christina Fu)
----------------------------------------------------------------------
Message: 1
Date: Mon, 30 Jun 2014 11:15:24 -0700
From: Christina Fu <cfu at redhat.com>
To: pki-users at redhat.com
Subject: Re: [Pki-users] ECC entity certificate signing and Dogtag
Message-ID: <53B1A93C.5090005 at redhat.com>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Hi Steven,
NSS softtoken provides ECC on F20 out of box
(https://bugzilla.redhat.com/show_bug.cgi?id=1019244 ).
During installation, you just want to make sure that you select the
right option accordingly.
On the client side, the current firefox version supports CRMF key gen
with EC. You can try it on one of the enrollment profiles at the EE port.
From the CLI, certutil works well. You can do something like the
following to get PKCS#10:
certutil -d . -R -k ec -q nistp256 -s "CN=test2014" -a -o req.test2014
Christina
On 06/27/2014 10:02 AM, sbernst at gmail.com wrote:
> Hi there... It has been suggested that this is likely a question for
> CFU (Christina).
>
> How and where do I get the libraries to get ECC working on DogTag on
> FC20? Specifically looking to sign client side generated PKCS#10 key
> blobs. The Dogtag 10 release from 17 Jan 2013 suggested that this
> might be supported, but Info from the link below says that, "Certicom
> software tokens could not be used because of an issue with malformed
> private keys."
> https://www.redhat.com/archives/pki-users/2013-January/msg00001.html
>
> So what all is required to sign ECC generated requests? (not planning
> on use of TMS interface at this point). I saw that bug Bug 986831 says
> that, "Some tools are broken for ECC with NSS token alone," (from the
> 10.1 release announcement from November of last year
> https://www.redhat.com/archives/pki-users/2013-November/msg00001.html)
> <https://www.redhat.com/archives/pki-users/2013-November/msg00001.html%29>
> but I'm not authorized to view its details. (I mention this to
> demonstrate that I'm trying to do my homework on this issue before
> asking for help.)
>
> Thank you so much, in advance, for any and all help.
>
> - Steven
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.redhat.com/archives/pki-users/attachments/20140630/3e54f20f/attachment.html>
------------------------------
_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
End of Pki-users Digest, Vol 76, Issue 1
****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20140701/241f06c1/attachment.htm>
More information about the Pki-users
mailing list