From anater78 at gmail.com Sun Jan 21 17:11:11 2018 From: anater78 at gmail.com (anater dembelov) Date: Sun, 21 Jan 2018 20:11:11 +0300 Subject: [Pki-users] Issuing a subordinate CA certificate Message-ID: Hello! Tell me please! I need to release SubCA in the Dogtag. And then with this SubCA certificate sign the CSR. So I will have to get a chain of certificates. How can I do this in Dogtag? Is there an instruction manual? Best regards. Anatoly -------------- next part -------------- An HTML attachment was scrubbed... URL: From Florian.Supper at s-itsolutions.at Mon Jan 22 05:50:28 2018 From: Florian.Supper at s-itsolutions.at (Supper Florian 6342 sIT) Date: Mon, 22 Jan 2018 06:50:28 +0100 Subject: [Pki-users] Issuing a subordinate CA certificate In-Reply-To: References: Message-ID: Hi, http://pki.fedoraproject.org/wiki/PKI_Install_Guide http://pki.fedoraproject.org/wiki/Quick_Start http://pki.fedoraproject.org/wiki/Installing_CA BR -----Urspr?ngliche Nachricht----- Von: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] Im Auftrag von anater dembelov Gesendet: Sonntag, 21. J?nner 2018 18:11 An: Endi Sukma Dewata; pki-users at redhat.com Betreff: [Pki-users] Issuing a subordinate CA certificate [phishing][bayes][heur][dkim][html-removed] Hello! Tell me please! I need to release SubCA in the Dogtag. And then with this SubCA certificate sign the CSR. So I will have to get a chain of certificates. How can I do this in Dogtag? Is there an instruction manual? Best regards. Anatoly _______________________________________________ Pki-users mailing list Pki-users(at)redhat . com https : / / www . redhat . com / mailman / listinfo / pki-users From anater78 at gmail.com Mon Jan 22 08:48:34 2018 From: anater78 at gmail.com (anater dembelov) Date: Mon, 22 Jan 2018 11:48:34 +0300 Subject: [Pki-users] Issuing a subordinate CA certificate In-Reply-To: References: Message-ID: Good afternoon! It's not that. I need the ability to support both the rootCA and the subCA on a single dogtag server. It is necessary to issue certificates signed by rootCA, and SubCA. 2018-01-22 8:50 GMT+03:00 Supper Florian 6342 sIT < Florian.Supper at s-itsolutions.at>: > Hi, > > http://pki.fedoraproject.org/wiki/PKI_Install_Guide > > http://pki.fedoraproject.org/wiki/Quick_Start > > http://pki.fedoraproject.org/wiki/Installing_CA > > BR > > -----Urspr?ngliche Nachricht----- > Von: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] > Im Auftrag von anater dembelov > Gesendet: Sonntag, 21. J?nner 2018 18:11 > An: Endi Sukma Dewata; pki-users at redhat.com > Betreff: [Pki-users] Issuing a subordinate CA certificate > [phishing][bayes][heur][dkim][html-removed] > > Hello! > > Tell me please! > > I need to release SubCA in the Dogtag. > And then with this SubCA certificate sign the CSR. > So I will have to get a chain of certificates. > How can I do this in Dogtag? > > Is there an instruction manual? > > Best regards. > Anatoly > _______________________________________________ > Pki-users mailing list > Pki-users(at)redhat . com > https : / / www . redhat . com / mailman / listinfo / pki-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gkapoor at redhat.com Mon Jan 22 08:55:19 2018 From: gkapoor at redhat.com (Geetika Kapoor) Date: Mon, 22 Jan 2018 14:25:19 +0530 Subject: [Pki-users] Issuing a subordinate CA certificate In-Reply-To: References: Message-ID: <5A65A6F7.4040800@redhat.com> Hi, I think you need to setup a RootCA which is dogtag (http://pki.fedoraproject.org/wiki/Installing_CA) and then try to setup another CA which is signed by the RootCA i.e SubCA(http://pki.fedoraproject.org/wiki/Installing_Subordinate_CA). Hope that helps!! Thanks Geetika On 01/22/2018 02:18 PM, anater dembelov wrote: > Good afternoon! > > It's not that. > I need the ability to support both the rootCA and the subCA on a > single dogtag server. > It is necessary to issue certificates signed by rootCA, and SubCA. > > 2018-01-22 8:50 GMT+03:00 Supper Florian 6342 sIT > >: > > Hi, > > http://pki.fedoraproject.org/wiki/PKI_Install_Guide > > > http://pki.fedoraproject.org/wiki/Quick_Start > > > http://pki.fedoraproject.org/wiki/Installing_CA > > > BR > > -----Urspr?ngliche Nachricht----- > Von: pki-users-bounces at redhat.com > > [mailto:pki-users-bounces at redhat.com > ] Im Auftrag von anater dembelov > Gesendet: Sonntag, 21. J?nner 2018 18:11 > An: Endi Sukma Dewata; pki-users at redhat.com > > Betreff: [Pki-users] Issuing a subordinate CA certificate > [phishing][bayes][heur][dkim][html-removed] > > Hello! > > Tell me please! > > I need to release SubCA in the Dogtag. > And then with this SubCA certificate sign the CSR. > So I will have to get a chain of certificates. > How can I do this in Dogtag? > > Is there an instruction manual? > > Best regards. > Anatoly > _______________________________________________ > Pki-users mailing list > Pki-users(at)redhat . com > https : / / www . redhat . com / mailman / listinfo / pki-users > > > > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From ftweedal at redhat.com Tue Jan 23 05:39:48 2018 From: ftweedal at redhat.com (Fraser Tweedale) Date: Tue, 23 Jan 2018 16:39:48 +1100 Subject: [Pki-users] Issuing a subordinate CA certificate In-Reply-To: References: Message-ID: <20180123053848.GM13383@T470s> On Sun, Jan 21, 2018 at 08:11:11PM +0300, anater dembelov wrote: > Hello! > > Tell me please! > > I need to release SubCA in the Dogtag. > And then with this SubCA certificate sign the CSR. > So I will have to get a chain of certificates. > How can I do this in Dogtag? > > Is there an instruction manual? > > Best regards. > Anatoly Hi Anatoly, The "lightweight sub-CAs" feature lets you host sub-CAs within an existing Dogtag instance: http://pki.fedoraproject.org/wiki/Lightweight_sub-CAs Use the `pki ca-authority' CLI commands to create and manage lightweight CAs. This feature was developed for FreeIPA to use, so it is not documented as a standalone feature of Dogtag. It is also not a supported part of standalone RHCS deployments. But most of what you need should be in the link above or discernable from the `pki ca-authority' CLI commands available to you. Feel free to reply with any follow-up questions you have. Cheers, Fraser