[Pki-users] Anybody got dual key certs and key archiving working with Dogtag?

Aleksander Adamowski aleksander.adamowski at altkom.pl
Thu May 15 17:48:57 UTC 2008


Hi!

I've set up pki-ca, pki-ocsp, pki-ra and pki-kra.

However, it seems that pki-kra doesn't archive any keys.

I've tested it with the following profiles when issuing certificates:

Using the CA instance:
 * caUserCert (Manual User Dual-Use Certificate Enrollment) - I know, it 
won't work, it's Dual-Use, not Dual-Key. However, the protocol used is CRMF.
 * caDirUserCert (Directory-Authenticated User Dual-Use Certificate 
Enrollment) - another Dual-Use, not Dual-Key. But CRMF-based.
 * caDualRAuserCert (RA Agent-Authenticated User Certificate Enrollment) 
- they don't write what "Dual" means here. Is it Dual-Use too?

Using the RA instance:
 * caDualRAuserCert (RA Agent-Authenticated User Certificate Enrollment) 
- it has "Dual" in its name...


So it seems that there's potential confusion over which "Dual" is 
implied in the profile names (does it correspond to key usage, or the 
number of keys?).

Based on my experiments, either all those profiles are single key, or my 
client doesn't support dual key generation (it's a Firefox 3 nightly build).



So the question is - what combination of certificate profiles and client 
(web browser) versions allows for generating dual key certificates whose 
keys will be correctly archived by KRA/DRM?



-- 

Best Regards,
    Aleksander Adamowski
        GG#: 274614
        ICQ UIN: 19780575 
	http://olo.org.pl

--
Aleksander Adamowski
    Corporate systems administrator; Instructor
    Altkom Akademia S.A. http://www.altkom.pl
    Warszawa, ul. Chłodna 51
    tel. none
    mobile +48 601-318-080

District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register,
KRS: 0000120139, NIP 118-00-08-391, Share capital: 1000 000 PLN.  Registered address of the company - ul. Stawki 2, 00-193 Warszawa.
This message contains proprietary information and trade secrets of Altkom Akademia S.A. company.
Unauthorized use or disclosure of this information to any third party is prohibited.
If you received this message by mistake, please contact the sender immediately and delete all copies of this message. 
