[Pki-users] Generate certificate for proxy using a PKCS#7 as the CSR

Christina Fu cfu at redhat.com
Mon Jul 22 22:03:05 UTC 2013 

On 07/22/2013 02:14 PM, Taggart, Michelle wrote:
> Hi Christina,
>
> I'm sorry for the confusion, let's skip the PKCS#7, I read the settings wrong ;)
>
> I'm actually trying to generate a certificate that is also an intermediary CA.  Which Certificate Profile should best fit that need?
>

The "Manual Certificate Manager Signing Certificate Enrollment" 
(caCACert profile) is for a generic CA signing cert enrollment. People 
can customize it to fit their own site requirements.
For information on how to do that, you can check the documentation 
(Admin guide specifically):
https://access.redhat.com/site/documentation/Red_Hat_Certificate_System/

Christina

>
> Thanks,
>
> Michelle Taggart
>
>
> ----- Original Message -----
> From: "Christina Fu"<cfu at redhat.com>
> To: pki-users at redhat.com
> Sent: Monday, July 22, 2013 4:56:16 PM
> Subject: Re: [Pki-users] Generate certificate for proxy using a PKCS#7 as the CSR
>
> Dogtag only supports CSR in the following formats:
> 1. CRMF
> 2. PKCS #10
> 3. CMC with either CRMF or PKCS #10
>
> I am not aware that a CSR can be represented in PKCS #7, but I always
> keep an open mind to learn new (or old) things, so I'd appreciate it if
> you can send us a reference link to the RFC that specifies such CSR
> representation using PKCS #7.  If it gives us enough good reasons to
> support it, we will gladly consider supporting that in the future.
>
> Christina
>
> On 07/22/2013 11:47 AM, Taggart, Michelle wrote:
>> Hi,
>>
>> I'm working on getting a CSR approved through Dogtag 10.0.3 on Fedora Core 19.  The CSR is in PKCS#7 format.  I'm using the Manual Certificate Manager Signing Certificate Enrollment form since I need the certificate to be an intermediary CA.  After submitting the form, I get an "Sorry, your request has been rejected. The reason is "Request Rejected - {0}" error.  Any ideas on what's causing this?
>>
>>
>>
>> Thanks,
>>
>> Michelle Taggart
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list