David T. MacKenzie wrote:
Mr. Hennessy, here's a jump-start on certutil:
To list CAs:
certutil -L -d /etc/pki/nssdb/
To import one:
certutil -A -n "Smart Card CA" -t "CT,C," -d /etc/pki/nssdb -i certfile.crt
Thanks. That helps a significant amount, but after importing the certs I
think I need I get partial sucess. Cutting and pasting from a
pkcs11_inspect I get the following:
DEBUG:pkcs11_inspect.c:139: verifing the certificate for the key #1
DEBUG:cert_vfy.c:37: Verifying Cert: HENNESSY.GREGORY.S.1228899166:CAC
ID Certificate
(CN=HENNESSY.GREGORY.S.1228899166,OU=USN,OU=PKI,OU=DoD,O=U.S.
Government,C=US)
DEBUG:pkcs11_inspect.c:156: Inspecting certificate for key #1
Printing data for mapper cn:
HENNESSY.GREGORY.S.1228899166
DEBUG:mapper_mgr.c:243: Cannot find cert data for mapper uid
Printing data for mapper pwent:
HENNESSY.GREGORY.S.1228899166
DEBUG:mapper_mgr.c:235: Mapper 'null' has no inspect() function
DEBUG:pkcs11_inspect.c:139: verifing the certificate for the key #2
DEBUG:cert_vfy.c:37: Verifying Cert: HENNESSY.GREGORY.S.1228899166:CAC
Email Signature Certificate
(CN=HENNESSY.GREGORY.S.1228899166,OU=USN,OU=PKI,OU=DoD,O=U.S.
Government,C=US)
DEBUG:cert_vfy.c:41: Couldn't verify Cert: Invalid OCSP signing
certificate in OCSP response.
DEBUG:pkcs11_inspect.c:152: verify_certificate() failed:
One certificate seems fine, but can anyone shed light on what Invalid
OCSP signing cert means I did wrong?
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
