ramifications of this change and why it is
> > needed?
> >
> > I notice that most of the Openstack projects use the default "Merge
> > If
> > Necessary", and want to understand (or at least document) why we want
> > to do things differently.
> >
> &
Just a quick heads up that a couple of new RFCs[1][2] update RFC
5280 w.r.t. i18n support.
[1] https://tools.ietf.org/html/rfc8398
[2] https://tools.ietf.org/html/rfc8399
The most notable change is a new otherName type to represent
internationalised email addresses (i.e. when the local part is
On Tue, May 01, 2018 at 09:34:23PM -0400, Endi Sukma Dewata wrote:
> Hi,
>
> PKI 10.6.0 and TomcatJSS 7.3.0 has officially been released
> upstream and in Fedora 28:
>
> https://github.com/dogtagpki/pki/releases/tag/v10.6.0
> https://github.com/dogtagpki/tomcatjss/releases/tag/v7.3.0
>
> Please
On Fri, Mar 09, 2018 at 07:02:23PM +1000, Fraser Tweedale wrote:
> Hi,
>
> It seems that with the change in logging backend, calls to
> CMS.debug(Throwable e) no longer print the stack trace. The name of
> the exception is printed by the error message has been suppressed.
>
On Tue, Mar 27, 2018 at 11:16:01AM -0400, Endi Sukma Dewata wrote:
> Hi,
>
> The Dogtag PKI Website URL has changed as follows:
>
> * Old URL: http://pki.fedoraproject.org
> * New URL: http://www.dogtagpki.org
>
> Please use the new URL whenever possible. The old URL should
> automatically be
On Tue, Mar 27, 2018 at 09:52:22PM -0400, Endi Sukma Dewata wrote:
> - Original Message -
> > On Tue, Mar 27, 2018 at 11:16:01AM -0400, Endi Sukma Dewata wrote:
> > > Hi,
> > >
> > > The Dogtag PKI Website URL has changed as follows:
> > >
> > > * Old URL: http://pki.fedoraproject.org
>
Hi Christina et al,
Could someone with a familiarity/interest in IPAddress altnames /
name constraints please review this patchset and the three related
patchsets, when you have time?
https://review.gerrithub.io/#/c/398356/
The related BZ is
Dear Dinesh,
The 10.6.7-1 update[1] was given negative karma due to FreeIPA
installation failure[2] on openqa. I have spent considerable time
trying to reproduce the failure using the same package from
updates-testing, without success.
[1]
On Mon, Mar 11, 2019 at 03:58:17PM +0100, François Cami wrote:
> Hi,
>
> The Java maintainers have orphaned most, if not all, of the Java stack
> in Fedora, in favor of modules:
>
On Fri, Nov 01, 2019 at 05:29:40PM +0530, Sharath wrote:
> HI Team,
>
> 1. Can you please help, how to generate the certificate using pkcs #12
> format??
>
Hi Sharath,
PKCS #12 is a key and certificate archival format. The main use of
PKCS #12 in Dogtag is retrieving archived keys from the KRA
Just want to flag something related to ACME orders and
authorisations.
In ACME authorizations can be shared by multiple orders. In fact
you can also "preauthorize" your account for an identifier, so there
can also be a authorizations with no orders attached.
Does the way we have implemented the
On Thu, Dec 05, 2019 at 11:18:15AM +1000, Fraser Tweedale wrote:
> On Wed, Dec 04, 2019 at 06:36:24PM -0500, Endi Sukma Dewata wrote:
> > - Original Message -
> > > Just want to flag something related to ACME orders and
> > > authorisations.
> > &g
On Tue, Jan 28, 2020 at 07:02:36PM +0530, Sharath wrote:
> Hello Team,
>
> I have taken the source code git repository, currently pointing
> origin/DOGTAG_10_6_BRANCH. Can you please text the steps to build Dogtag PKI
> source ?
>
> ./build.sh is failed due to dependencies...
>
> is there any
On Tue, Mar 17, 2020 at 05:04:59PM -0400, Endi Sukma Dewata wrote:
> - Original Message -
> > Hi Endi,
> >
> > Just want to quickly discuss certificate IDs.
> >
> > Currently on ACMEBackend interface we have
> >
> > public BigInteger issueCertificate(String csr);
> >
> > I think this
Hi Endi,
Responses inline.
On Fri, Mar 20, 2020 at 12:55:46AM -0400, Endi Sukma Dewata wrote:
> - Original Message -
> > > > Currently on ACMEBackend interface we have
> > > >
> > > > public BigInteger issueCertificate(String csr);
> > > >
> > > > I think this is a bit of a problem.
On Fri, Mar 20, 2020 at 03:41:05PM -0400, Endi Sukma Dewata wrote:
> - Original Message -
> > > Let me backtrack a little bit. Is there a plan to modify Dogtag to
> > > eventually support different serial number domains? If not, this is
> > > not an issue for Dogtag.
> >
> > There is no
Hi Endi,
Just want to quickly discuss certificate IDs.
Currently on ACMEBackend interface we have
public BigInteger issueCertificate(String csr);
I think this is a bit of a problem. e.g. Dogtag currently supports
multiple issuers (LWCAs). It is incidental that serial numbers do
not
Hi Christina,
Adding pki-devel@ for wider audience. Comments below.
On Mon, Jun 01, 2020 at 06:28:42PM -0700, Christina Fu wrote:
> Hi Fraser,
> Do you know how the signature returned in the SCT response could be
> verified by the CA?
> My thought is that the CA should somehow verify the CT
On Thu, Jul 02, 2020 at 11:35:22AM -0400, Alex Scheel wrote:
> There's a proposal for GSS-API auth:
>
> https://www.dogtagpki.org/wiki/GSS-API_authentication
> https://www.freeipa.org/page/V4/Dogtag_GSS-API_Authentication
>
> However, it isn't implemented yet. This would probably suffice for
>
atever follows the '@'. So
if REMOTE_USER is an email address and everyone has the same domain,
this could work with the current code. Otherwise, we'll need to
make changes.
All that said, providing an alternative way of specifying the realm
is a small RFE with a big payoff.
HTH,
Fraser
> Th
On Wed, Jun 17, 2020 at 12:59:57AM +1000, Fraser Tweedale wrote:
> Thanks for the testing notes, Christina.
>
> Today I set up a local test CT log server using a container image.
> I plan to document more thoroughly but rough notes at [1].
>
> Now to the issue I found -
enabled, but the failure is ignored.
> However, you could look in the debug log for "verifySCT" to see relevant
> debug messages.
>
> I'll ask Dinesh to add his more comprehensive testing procedure to the page.
> thanks!!
> Christina
>
> On Thu, Jun 11, 2020 at 5:5
t;
> > Also thanks for the input on how to handle failed CT log communication
> > v.s. response verification failure. I will address them separately as
> > suggested.
> > Finally, nice catch with the missing data length!! I'll add that and go
> > from there.
> >
>
On Wed, Jun 03, 2020 at 08:17:39PM -0400, Dinesh Prasanth Moluguwan
Krishnamoorthy wrote:
> Hello team,
>
> I’m part of Dogtag PKI open-source project [1]. Our team strives to provide
> enterprise-class open-source Public Key Infrastructure (PKI) [2].
>
> Dogtag PKI server is a Java web
101 - 124 of 124 matches
Mail list logo