[Pki-users] Dogtag: configuring OCSP URI

John Magne jmagne at redhat.com
Fri Apr 27 18:08:02 UTC 2018


Hello:

I believe you could modify the setting in your link for
every kind of certificate profile that you care about.
The AIA extension.

The profiles are stored with each instance roughly here:

/var/lib/pki/pki-tomcat/ca/profiles/ca



----- Original Message -----
> From: "mirkt" <mirkt at sapnas.net>
> To: pki-users at redhat.com
> Sent: Friday, April 27, 2018 5:46:26 AM
> Subject: [Pki-users] Dogtag: configuring OCSP URI
> 
> Hello,
> 
> I am new to Dogtag. I would like to deploy it as CA for internal
> services only. Any ideas how to change default OCSP URI for all
> certificates? I mean not only for issued ones as in here:
> https://www.redhat.com/archives/pki-users/2015-July/msg00005.html
> 
> but also for those generated during installation (CA Signing certificate
> and so on..)?
> 
> What I want is: Dogtag listening on default ports (8080,8443..) and
> apache with mod_proxy listening on 80 so I could control (firewall) who
> can access Dogtag WebUI but allow all OCSP requests..
> 
> I need non default OCSP URI (with :8080 part removed) on all
> certificates.. Any suggestions how could I achieve that?
> 
> Thank you in advance
> mirkt
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
> 




More information about the Pki-users mailing list