[Pki-users] anyone had a challenge getting crts to publish to the file system?

Dave Augustus davea at ingraftedsoftware.com
Mon Feb 21 15:45:45 UTC 2011 


On Feb 21, 2011, at 12:54 AM, Kashyap Chamarthy <kchamart at redhat.com> wrote:

> On 02/20/2011 01:26 AM, Dave Augustus wrote:
>> I have a brand new install on Centos 5.5 64.
>> 
>> I can't get it to publish certs to the file system, only LDAP. In pkiconsole, when I first
>> access the Publishing area, I get an error message about not being authorized. I am using
>> the CA admin account to do this.
> 
> Dave,
> It'd be more helpful here, if you can provide the log info(CA debug log ideally) when you see this.

>> 
>> Any ideas?
> 
> Though I'm not sure at this point what's blocking you, however I was able to previously publish Certs(and CRLs) to file system successfully using below procedure:
> 
> ---------------------------------------------------------------------------------------
> 1/ Configure CA
> 
> 2/ Fire up pkiconsole, go to 'Publishing'

This is where I get the error "you are not authorized to perform this operation". I disabled selinux still got same error. Are you on irc?
> 
> 3/ Configure a filebased 'Publisher'
>    + Add a 'FileBasedPublisher'(say with id 'filepub') with a directory '/var/lib/pki-ca/filepublishing'
> 
> Note:Ensure to create this directory 'filepublishing' under /var/lib/pki* tree, so that SELinux doesn't complain. If you're creating this directory elsewhere on the file system, be sure to relabel your SELinux context
> 
> 4/ Configure 'Rules'
>   + Add a new 'Rule'(say "filerule") and select the type as 'certs' , mapper as 'NoMap' and publisher as 'filepub'(the one we created in step 3 above)
> 
> 5/ Enable Publshing in pkiconsole
> 
> 6/ Restart CA instance (do not miss this)
> ----------------------------------------------------------------------------------------
> 
> Now, new certs should be published to your 'var/lib/pki-ca/filepublishing' directory.
> 
> hope that helps.
> 
> 
> 
>> 
>> Thanks,
>> Dave
>> 
>> 
>> 
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
> 
> 
> -- 
> /kashyap

More information about the Pki-users mailing list