Dogtag Certificate System 9.0 release…

Late post by a couple of weeks, but still… The Dogtag Certificate System team announced the 9.0 release (for Fedora 15).

Release Notes can be found here.

To try out on your Fedora-15 system:

1/ Install the prerequisites (389-ds LDAP instance):

 # yum install 389-ds-base -y

2/ Configure the 389-ds instance by running the following (accept all the default/typical options):

 # /usr/sbin/setup-ds.pl

3/ Install the Dogtag Certificate System CA (Certificate Authority) package:

# yum install pki-ca pki-silent -y

(NOTE: To get all Dogtag CS packages, use: # yum install dogtag-pki -y)

4/ Create a Certificate Authority (CA) instance using the ‘pkicreate’ tool. I placed the default CA instance creation script in a simple file, noted below:

# wget http://kashyapc.fedorapeople.org/dogtag-pki/instance-create-scripts/ca.bash
 # chmod +x ca.bash
 # ./ca.bash
 (CA instance should be successfully created.)

5/ Now, let’s configure the previously created CA instance. There are two ways to configure an instance: one via the browser; the other using the ‘pkisilent’ tool to silently configure the CA.
For illustration purposes, let’s go the ‘pkisilent’ route. I composed a sanitized pkisilent configuration script for the CA here: http://kashyapc.fedorapeople.org/dogtag-pki/pkisilent-scripts/ca-silent.bash.
Before you run ‘ca-silent.bash’, replace the passwords in the script accordingly.

# wget http://kashyapc.fedorapeople.org/dogtag-pki/pkisilent-scripts/ca-silent.bash
# chmod +x ca-silent.bash
# ./ca-silent.bash
# service pki-cad restart
# service pki-cad status
 pki-ca (pid 1418) is running...                            [  OK  ]
 Unsecure Port       = http://lovelock1.foo.bar.com:9180/ca/ee/ca
 Secure Agent Port   = https://lovelock1.foo.bar.com:9443/ca/agent/ca
 Secure EE Port      = https://lovelock1.foo.bar.com:9444/ca/ee/ca
 Secure Admin Port   = https://lovelock1.foo.bar.com:9445/ca/services
 EE Client Auth Port = https://lovelock1.foo.bar.com:9446/ca/eeca/ca
 PKI Console Port    = pkiconsole https://lovelock1.foo.bar.com:9445/ca
 Tomcat Port         = 9701 (for shutdown)
PKI Instance Name:   pki-ca
PKI Subsystem Type:  Root CA (Security Domain)
Registered PKI Security Domain Information:
 ==========================================================================
 Name:  silentdom
 URL:   https://lovelock1.foo.bar.com:9445
 ==========================================================================

6/ Now, let’s try to: [a] export the CA agent certificate from the temporary NSS db into a p12 file; [b] install the CA agent’s certificate into the NSS database of the browser (from where the CA agent pages can be invoked):

#####################################
 # certutil -L -d .
Certificate Nickname                                         Trust Attributes
 SSL,S/MIME,JAR/XPI
testnick                                                     P,,
 Certificate Authorityca-t1 - silentdom                       c,c,
 ca-agent                                                     u,u,u
 #
 ####################################
 # /usr/bin/pk12util -o ca-agent.p12 -n "ca-agent" -d /var/tmp/testdb/
 Enter Password or Pin for "NSS Certificate DB":
 Enter password for PKCS12 file:
 Re-enter password:
 pk12util: PKCS12 EXPORT SUCCESSFUL
 #####################################
 # /usr/bin/pk12util -i ca-agent.p12 -d /home/kashyap/.mozilla/firefox/irphredr.default/ 
 #####################################
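
Before the pk12util export in step 6, it helps to confirm that the nickname actually has its private key in the NSS database, which certutil marks with a `u` trust flag. The following is an added example, not part of the original post: the function names are hypothetical, and the sample listing is constructed from the certutil output shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample: the `certutil -L -d .` listing shown in step 6.
sample_listing() {
cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

testnick                                                     P,,
Certificate Authorityca-t1 - silentdom                       c,c,
ca-agent                                                     u,u,u
EOF
}

# Read a `certutil -L` listing on stdin; print "nickname<TAB>flags" per entry.
# The flags are the last field; the nickname before it may contain spaces.
parse_listing() {
    awk '
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the flags column
            sub(/^[ \t]+/, "", nick)                # drop leading indentation
            if (nick != "") printf "%s\t%s\n", nick, flags
        }'
}

# Succeed only if nickname $1 carries a "u" flag, which certutil shows when the
# matching private key is in the database (required for a pk12util export).
has_private_key() {
    parse_listing | awk -F '\t' -v nick="$1" '
        $1 == nick && $2 ~ /u/ { found = 1 }
        END { exit !found }'
}

# Export nickname $2 from NSS database $1 to file $3. Refuses entries without
# a key and creates the .p12 (it holds the private key) owner-readable only.
export_agent_p12() {
    certutil -L -d "$1" | has_private_key "$2" || {
        echo "no private key for '$2' in $1" >&2
        return 1
    }
    ( umask 077 && pk12util -o "$3" -n "$2" -d "$1" )
}
```

With the paths from step 6, the call would be `export_agent_p12 /var/tmp/testdb/ ca-agent ca-agent.p12`.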