From edewata at redhat.com Thu Apr 5 22:03:13 2018 From: edewata at redhat.com (Endi Sukma Dewata) Date: Thu, 5 Apr 2018 18:03:13 -0400 (EDT) Subject: [Pki-users] JSS 4.4.3 In-Reply-To: <611880414.18216689.1522964911121.JavaMail.zimbra@redhat.com> Message-ID: <122429976.18217622.1522965793136.JavaMail.zimbra@redhat.com> Hi, JSS 4.4.3 is now available upstream: https://hg.mozilla.org/projects/jss Fedora 28 build is available via the following update: https://bodhi.fedoraproject.org/updates/jss-4.4.3-1.fc28 Fedora Rawhide build is available in Koji. Fedora 27 build is available in this COPR repository: https://copr.fedorainfracloud.org/coprs/g/pki/10.6/ Thanks. -- Endi S. Dewata From edewata at redhat.com Thu Apr 12 02:28:59 2018 From: edewata at redhat.com (Endi Sukma Dewata) Date: Wed, 11 Apr 2018 22:28:59 -0400 (EDT) Subject: [Pki-users] PKI 10.6.0 Release Candidate In-Reply-To: <391813167.20097295.1523500117057.JavaMail.zimbra@redhat.com> Message-ID: <792286138.20097309.1523500139429.JavaMail.zimbra@redhat.com> Hi, PKI 10.6.0 Release Candidate is now available upstream: https://github.com/dogtagpki/pki/releases/tag/v10.6.0-rc Fedora 28 builds are available via the following update: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c7037b0da Fedora Rawhide builds are available in Koji. Fedora 27 builds are available in this COPR repository: https://copr.fedorainfracloud.org/coprs/g/pki/10.6/ Thanks. -- Endi S. Dewata From edewata at redhat.com Thu Apr 12 22:06:57 2018 From: edewata at redhat.com (Endi Sukma Dewata) Date: Thu, 12 Apr 2018 18:06:57 -0400 (EDT) Subject: [Pki-users] TomcatJSS 7.3.0 Release Candidate In-Reply-To: <901156277.20488131.1523570380613.JavaMail.zimbra@redhat.com> Message-ID: <914937332.20489361.1523570817461.JavaMail.zimbra@redhat.com> Hi, TomcatJSS 7.3.0 Release Candidate is now available upstream: https://github.com/dogtagpki/tomcatjss/releases/tag/v7.3.0-rc Fedora 28 build is available via the following update: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a52fb8dd30 Fedora Rawhide build is available in Koji. Fedora 27 build is available in this COPR repository: https://copr.fedorainfracloud.org/coprs/g/pki/10.6/ Thanks. -- Endi S. Dewata From mirkt at sapnas.net Fri Apr 27 12:46:26 2018 From: mirkt at sapnas.net (mirkt) Date: Fri, 27 Apr 2018 15:46:26 +0300 Subject: [Pki-users] Dogtag: configuring OCSP URI Message-ID: <2c05766b-0480-70bd-78f8-5463c635d592@sapnas.net> Hello, I am new to Dogtag. I would like to deploy it as CA for internal services only. Any ideas how to change default OCSP URI for all certificates? I mean not only for issued ones as in here: https://www.redhat.com/archives/pki-users/2015-July/msg00005.html but also for those generated during installation (CA Signing certificate and so on..)? What I want is: Dogtag listening on default ports (8080,8443..) and apache with mod_proxy listening on 80 so I could control (firewall) who can access Dogtag WebUI but allow all OCSP requests.. I need non default OCSP URI (with :8080 part removed) on all certificates.. Any suggestions how could I achieve that? Thank you in advance mirkt From jmagne at redhat.com Fri Apr 27 18:08:02 2018 From: jmagne at redhat.com (John Magne) Date: Fri, 27 Apr 2018 14:08:02 -0400 (EDT) Subject: [Pki-users] Dogtag: configuring OCSP URI In-Reply-To: <2c05766b-0480-70bd-78f8-5463c635d592@sapnas.net> References: <2c05766b-0480-70bd-78f8-5463c635d592@sapnas.net> Message-ID: <279307000.18478539.1524852482540.JavaMail.zimbra@redhat.com> Hello: I believe you could modify the setting in your link for every kind of certificate profile that you care about. The AIA extension. The profiles are stored with each instance roughly here: /var/lib/pki/pki-tomcat/ca/profiles/ca ----- Original Message ----- > From: "mirkt" > To: pki-users at redhat.com > Sent: Friday, April 27, 2018 5:46:26 AM > Subject: [Pki-users] Dogtag: configuring OCSP URI > > Hello, > > I am new to Dogtag. I would like to deploy it as CA for internal > services only. Any ideas how to change default OCSP URI for all > certificates? I mean not only for issued ones as in here: > https://www.redhat.com/archives/pki-users/2015-July/msg00005.html > > but also for those generated during installation (CA Signing certificate > and so on..)? > > What I want is: Dogtag listening on default ports (8080,8443..) and > apache with mod_proxy listening on 80 so I could control (firewall) who > can access Dogtag WebUI but allow all OCSP requests.. > > I need non default OCSP URI (with :8080 part removed) on all > certificates.. Any suggestions how could I achieve that? > > Thank you in advance > mirkt > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users >