It was discovered that the following parameters need to be added to the 'CS.cfg' configuration file of a Dogtag 9 CA instance when running under Dogtag 10 packages (in order to allow a certificate request enrollment to be approved):
processor.caDoRevoke.authorityId=ca processor.caDoRevoke.authzMgr=BasicAclAuthz processor.caDoRevoke.authzResourceName=certServer.ee.certificates processor.caDoRevoke.getClientCert=false processor.caDoRevoke-agent.authMgr=certUserDBAuthMgr processor.caDoRevoke-agent.authorityId=ca processor.caDoRevoke-agent.authzMgr=BasicAclAuthz processor.caDoRevoke-agent.authzResourceName=certServer.ca.certificates processor.caDoRevoke-agent.getClientCert=true processor.caDoUnrevoke.authMgr=certUserDBAuthMgr processor.caDoUnrevoke.authorityId=ca processor.caDoUnrevoke.authzMgr=BasicAclAuthz processor.caDoUnrevoke.authzResourceName=certServer.ca.certificate processor.caDoUnrevoke.getClientCert=true processor.caProfileProcess.authMgr=certUserDBAuthMgr processor.caProfileProcess.authorityId=ca processor.caProfileProcess.authzMgr=BasicAclAuthz processor.caProfileProcess.authzResourceName=certServer.ca.request.profile processor.caProfileProcess.getClientCert=true processor.caProfileSubmit.authorityId=ca processor.caProfileSubmit.authzMgr=BasicAclAuthz processor.caProfileSubmit.authzResourceName=certServer.ee.profile processor.caProfileSubmit.getClientCert=false
Resolved in Dogtag 10:
commit 48e68f928f72a782afa6ab165a026901efd53b22 Author: Matthew Harmsen <mharmsen@redhat.com> Date: Mon Aug 27 20:48:34 2012 -0700 Verify symbolic links and update CS.cfg for Dogtag 10 * TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks in an instance * TRAC Ticket #303 - Dogtag 10: CS.cfg parameters for Dogtag 9 instance running under Dogtag 10 packages . . .
Metadata Update from @mharmsen: - Issue assigned to mharmsen - Issue set to the milestone: Dogtag 10.0.0.a1
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/874
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.