Here is the output of validation

# certutil -V -u V -d /etc/pki/pki-tomcat/alias -n 'Server-Cert cert-pki-ca' -e -f /etc/pki/pki-tomcat/alias/pwdfile.txt
certutil: certificate is valid

And for the ASN.1 of the Audit, OCSP, Subsystem, and RA certs

$ openssl asn1parse -inform pem -in audit.crt
   37:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   42:d=5  hl=2 l=  14 prim: UTF8STRING        :IPA.****.NET
   58:d=3  hl=2 l=  30 cons: SET
   60:d=4  hl=2 l=  28 cons: SEQUENCE
   62:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   67:d=5  hl=2 l=  21 prim: UTF8STRING        :Certificate Authority
   90:d=2  hl=2 l=  30 cons: SEQUENCE
   92:d=3  hl=2 l=  13 prim: UTCTIME           :240403113826Z
  107:d=3  hl=2 l=  13 prim: UTCTIME           :340401113826Z
  122:d=2  hl=2 l=  44 cons: SEQUENCE
  124:d=3  hl=2 l=  23 cons: SET
  126:d=4  hl=2 l=  21 cons: SEQUENCE
  128:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  133:d=5  hl=2 l=  14 prim: UTF8STRING        :IPA.****.NET
  149:d=3  hl=2 l=  17 cons: SET
  151:d=4  hl=2 l=  15 cons: SEQUENCE
  153:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  158:d=5  hl=2 l=   8 prim: UTF8STRING        :CA Audit
  

$ openssl asn1parse -inform pem -in subsystem.crt
   37:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   42:d=5  hl=2 l=  14 prim: UTF8STRING        :IPA.****.NET
   58:d=3  hl=2 l=  30 cons: SET
   60:d=4  hl=2 l=  28 cons: SEQUENCE
   62:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   67:d=5  hl=2 l=  21 prim: UTF8STRING        :Certificate Authority
   90:d=2  hl=2 l=  30 cons: SEQUENCE
   92:d=3  hl=2 l=  13 prim: UTCTIME           :240403113547Z
  107:d=3  hl=2 l=  13 prim: UTCTIME           :340401113547Z
  122:d=2  hl=2 l=  48 cons: SEQUENCE
  124:d=3  hl=2 l=  23 cons: SET
  126:d=4  hl=2 l=  21 cons: SEQUENCE
  128:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  133:d=5  hl=2 l=  14 prim: UTF8STRING        :IPA.****.NET
  149:d=3  hl=2 l=  21 cons: SET
  151:d=4  hl=2 l=  19 cons: SEQUENCE
  153:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  158:d=5  hl=2 l=  12 prim: UTF8STRING        :CA Subsystem
 
$ openssl asn1parse -inform pem -in ocsp.crt
   37:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   42:d=5  hl=2 l=  14 prim: UTF8STRING        :IPA.****.NET
   58:d=3  hl=2 l=  30 cons: SET
   60:d=4  hl=2 l=  28 cons: SEQUENCE
   62:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   67:d=5  hl=2 l=  21 prim: UTF8STRING        :Certificate Authority
   90:d=2  hl=2 l=  30 cons: SEQUENCE
   92:d=3  hl=2 l=  13 prim: UTCTIME           :240403113248Z
  107:d=3  hl=2 l=  13 prim: UTCTIME           :340401113248Z
  122:d=2  hl=2 l=  50 cons: SEQUENCE
  124:d=3  hl=2 l=  23 cons: SET
  126:d=4  hl=2 l=  21 cons: SEQUENCE
  128:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  133:d=5  hl=2 l=  14 prim: UTF8STRING        :IPA.****.NET
  149:d=3  hl=2 l=  23 cons: SET
  151:d=4  hl=2 l=  21 cons: SEQUENCE
  153:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  158:d=5  hl=2 l=  14 prim: UTF8STRING        :OCSP Subsystem

$ openssl asn1parse -inform pem -in ra-agent.pem
   37:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   42:d=5  hl=2 l=  14 prim: UTF8STRING        :IPA.****.NET
   58:d=3  hl=2 l=  30 cons: SET
   60:d=4  hl=2 l=  28 cons: SEQUENCE
   62:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   67:d=5  hl=2 l=  21 prim: UTF8STRING        :Certificate Authority
   90:d=2  hl=2 l=  30 cons: SEQUENCE
   92:d=3  hl=2 l=  13 prim: UTCTIME           :240322132444Z
  107:d=3  hl=2 l=  13 prim: UTCTIME           :260312132444Z
  122:d=2  hl=2 l=  42 cons: SEQUENCE
  124:d=3  hl=2 l=  23 cons: SET
  126:d=4  hl=2 l=  21 cons: SEQUENCE
  128:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  133:d=5  hl=2 l=  14 prim: UTF8STRING        :IPA.****.NET
  149:d=3  hl=2 l=  15 cons: SET
  151:d=4  hl=2 l=  13 cons: SEQUENCE
  153:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  158:d=5  hl=2 l=   6 prim: PRINTABLESTRING   :IPA RA

I tried a resubmit on the ra-agent cert with getcert and this was the result

Request ID '20190322032004':
        status: CA_UNREACHABLE
        ca-error: Error 35 connecting to https://ipa1-sea2.ipa.****.net:8443/ca/agent/ca/profileReview: SSL connect error.
        stuck: no