[Pki-users] Java Crypto Libraries and CMC

Ade Lee alee at redhat.com
Thu May 22 14:45:53 UTC 2014 

I'm  not sure what other tools are available on Solaris, but it should
be possible to use the Red Hat tools on Solaris.

Here is how I would do it:
1) Look at the contents of pki-tools, and copy those files over to your
solaris machine.  If I recall correctly, there are packages that allow
you to install a rpm on solaris.  You basically need the jars and
scripts.

2) Each of the tools is started by a script.  This script basically sets
up a command line that invokes java with the right arguments and
environment variables.  You will likely need to modify the script to set
the right paths for the jar files and java runtime.

Ade

On Wed, 2014-05-14 at 16:48 +0000, Elliott William C OSS sIT wrote:
> Solaris. I had assumed, since CMC was a standard, there would be some support for it on several platforms - and especially java.
> 
> Bill
> 
> -----Original Message-----
> From: Ade Lee [mailto:alee at redhat.com] 
> Sent: Mittwoch, 14. Mai 2014 15:53
> To: Elliott William C OSS sIT
> Cc: pki-users at redhat.com
> Subject: Re: [Pki-users] Java Crypto Libraries and CMC [bayes]
> 
> Which operating systems are you considering?  The Red Hat tools are all
> written in Java - so potentially they might be usable on those other OS.
> 
> Ade
> On Wed, 2014-05-14 at 08:42 +0000, Elliott William C OSS sIT wrote:
> > Hi,
> > 
> > We use the Redhat tools already for batch processing (CMCEnroll,AtoB, etc.).  That's fine on RHEL, but we to create requests from applications running on other operating systems (and not MS) and have these processed synchronously. The developers need to use Java. CMC has been around awhile, but support for it doesn't seem to be so widespread. (MS apparently can also) We also use SCEP, but that protocol seems to be a dead-end - even the rfc states that CMC is to be preferred. 
> > 
> > 
> > thanks,
> > William Elliott
> > 
> > -----Original Message-----
> > From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Niranjan M.R
> > Sent: Mittwoch, 14. Mai 2014 09:17
> > To: pki-users at redhat.com
> > Subject: Re: [Pki-users] Java Crypto Libraries and CMC [heur]
> > 
> > On 05/14/2014 12:15 PM, Elliott William C OSS sIT wrote:
> > > Hello,
> > > 
> > >  
> > > 
> > > Could someone recommend Java libraries for creating CMC Requests? I'm
> > > not a programmer, but it doesn't look as if JCE provides the necessary
> > > tools.  The only one I found that might is Bouncy Castle - it does CMS,
> > > but I'm not sure if it's enough to form CMC requests.
> > 
> > I am not aware of libraries, but have you tried CMCRequest which is part
> > of pki-tools package.
> > 
> > Documentation:
> > 
> > https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Command-Line_Tools_Guide/CMC_Request.html
> > 
> > I have not tried this on Dogtag 10 yet, but last i tried for CS 8.1
> > it worked as below
> > 
> > A. Create CRMF Request (using CRMFPopClient)
> > 
> > B. Create a configuration file with parameters as mentioned in the above
> > link.
> > 
> > C. Run CMCRequest
> > $ CMCRequest <cfg file>
> > 
> > The CMCRequest will be saved in the output file mentioned in cfg file.
> > > 
> > >  
> > > 
> > > Can agent authenticated CMC enrollment in Dogtag support more than one
> > > certificate profile? Could the CMC servlet be "duplicated" and renamed
> > > in the web.xml and connected to a second certificate profile?
> > > 
> > >  
> > > 
> > > Thanks in advance for any tips!
> > > 
> > >  
> > > 
> > > best regards,
> > > 
> > >  
> > > 
> > > William Elliott
> > > 
> > > s IT Solutions
> > > 
> > > Open System Services
> > > 
> > >  
> > > 
> > > s IT Solutions AT Spardat GmbH
> > > 
> > >  
> > > 
> > > mailto:william.elliott at s-itsolutions.at
> > > 
> > > www.s-itsolutions.com <http://www.s-itsolutions.com/>
> > > 
> > >  
> > > 
> > > Head Office: Vienna Commercial Register No.: 152289f Commercial Court of
> > > Vienna
> > > 
> > >  
> > > 
> > > This message and any attached files are confidential and intended solely
> > > for the addressee(s). Any publication, transmission or other use of the
> > > information by a person or entity other than the intended addressee is
> > > prohibited. If you receive this in error please contact the sender and
> > > delete the material. The sender does not accept liability for any errors
> > > or omissions as a result of the transmission.
> > > 
> > >  
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Pki-users mailing list
> > > Pki-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/pki-users
> > > 
> > 
> > 
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
> > 
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
>

More information about the Pki-users mailing list