[Pki-users] Can OpensSSL be used as external CA ?
kritee jhawar
kriteejhawar at gmail.com
Tue Oct 28 02:55:14 UTC 2014
Hi Christina
I was undertaking this activity last month where Microsoft CA didn't work
out but Dogtag as external CA did.
While using Microsoft CA or OpenSSL CA, pki spawn goes through without any
error but dogtag stops communications to 389ds. Upon calling the rest Api
/ca/rest/certs I get a "PKIException error listing the certs".
Is there a particular format for the ca cert chain that we need to provide
? I was trying to reverse engineer the chain provided by dogtag.
Thanks
Kritee
On Monday, 27 October 2014, Christina Fu <cfu at redhat.com> wrote:
> If you meant the following two:
> https://fedorahosted.org/pki/ticket/1190 CA: issuer DN encoding not
> preserved at issuance with signing cert signed by an external CA
> https://fedorahosted.org/pki/ticket/1110 - pkispawn (configuration) does
> not provide CA extensions in subordinate certificate signing requests (CSR)
>
> They have just recently been fixed upstream so I imagine you could use
> Microsoft CA now. Theoretically any other CA can be used as an external
> CA, but if you run into issues, please feel free to report.
>
> Christina
>
>
> On 10/27/2014 12:15 AM, kritee jhawar wrote:
>
> Hi
>
> In my recent thread i read that there is a bug due to which Microsoft CA
> can't work as external CA for dogtag.
> Can OpenSSL be used ?
>
> Thanks
> Kritee
>
>
> _______________________________________________
> Pki-users mailing listPki-users at redhat.com <javascript:_e(%7B%7D,'cvml','Pki-users at redhat.com');>https://www.redhat.com/mailman/listinfo/pki-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20141028/b6b760bb/attachment.htm>
More information about the Pki-users
mailing list