[Pki-users] Java Crypto Libraries and CMC
Elliott William C OSS sIT
WilliamC.Elliott at s-itsolutions.at
Wed May 14 08:42:38 UTC 2014
Hi,
We use the Redhat tools already for batch processing (CMCEnroll,AtoB, etc.). That's fine on RHEL, but we to create requests from applications running on other operating systems (and not MS) and have these processed synchronously. The developers need to use Java. CMC has been around awhile, but support for it doesn't seem to be so widespread. (MS apparently can also) We also use SCEP, but that protocol seems to be a dead-end - even the rfc states that CMC is to be preferred.
thanks,
William Elliott
-----Original Message-----
From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Niranjan M.R
Sent: Mittwoch, 14. Mai 2014 09:17
To: pki-users at redhat.com
Subject: Re: [Pki-users] Java Crypto Libraries and CMC [heur]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/14/2014 12:15 PM, Elliott William C OSS sIT wrote:
> Hello,
>
>
>
> Could someone recommend Java libraries for creating CMC Requests? I'm
> not a programmer, but it doesn't look as if JCE provides the necessary
> tools. The only one I found that might is Bouncy Castle - it does CMS,
> but I'm not sure if it's enough to form CMC requests.
I am not aware of libraries, but have you tried CMCRequest which is part
of pki-tools package.
Documentation:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Command-Line_Tools_Guide/CMC_Request.html
I have not tried this on Dogtag 10 yet, but last i tried for CS 8.1
it worked as below
A. Create CRMF Request (using CRMFPopClient)
B. Create a configuration file with parameters as mentioned in the above
link.
C. Run CMCRequest
$ CMCRequest <cfg file>
The CMCRequest will be saved in the output file mentioned in cfg file.
>
>
>
> Can agent authenticated CMC enrollment in Dogtag support more than one
> certificate profile? Could the CMC servlet be "duplicated" and renamed
> in the web.xml and connected to a second certificate profile?
>
>
>
> Thanks in advance for any tips!
>
>
>
> best regards,
>
>
>
> William Elliott
>
> s IT Solutions
>
> Open System Services
>
>
>
> s IT Solutions AT Spardat GmbH
>
>
>
> mailto:william.elliott at s-itsolutions.at
>
> www.s-itsolutions.com <http://www.s-itsolutions.com/>
>
>
>
> Head Office: Vienna Commercial Register No.: 152289f Commercial Court of
> Vienna
>
>
>
> This message and any attached files are confidential and intended solely
> for the addressee(s). Any publication, transmission or other use of the
> information by a person or entity other than the intended addressee is
> prohibited. If you receive this in error please contact the sender and
> delete the material. The sender does not accept liability for any errors
> or omissions as a result of the transmission.
>
>
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
- --
Regards
Niranjan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlNzGH0ACgkQLu3FX2BHx8fgyACfUS117eKiDRtzLfbXo1LM2RbJ
1M4AnRBlIJvEouI2uVDpEM9kBtvyQDaI
=HLMY
-----END PGP SIGNATURE-----
_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list