summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2014-01-14 12:44:57 -0500
committerEndi S. Dewata <edewata@redhat.com>2014-01-14 12:44:57 -0500
commit6c917d96cb5fb61680ebfe1cba3040dd4b38180d (patch)
tree797a0a784ab47b75022d9566007e5ccc6094bbd5
parent779c417a7d9590322a9cfe0060db605568e74af8 (diff)
downloadpki-dev-6c917d96cb5fb61680ebfe1cba3040dd4b38180d.tar.gz
pki-dev-6c917d96cb5fb61680ebfe1cba3040dd4b38180d.tar.xz
pki-dev-6c917d96cb5fb61680ebfe1cba3040dd4b38180d.zip
Updated TPS scripts.
Diffstat
-rwxr-xr-xscripts/tps-build.sh20
-rw-r--r--scripts/tps-configure.out3771
-rwxr-xr-xscripts/tps-configure.sh4
-rwxr-xr-xscripts/tps-create.sh26
-rwxr-xr-xscripts/tps-download.sh12
-rwxr-xr-xscripts/tps-enroll.sh18
-rwxr-xr-xscripts/tps-install.sh5
-rwxr-xr-xscripts/tps-publish.sh10
-rwxr-xr-xscripts/tps-remove.sh15
-rwxr-xr-xscripts/tps-secret-import.sh (renamed from scripts/tps-import-shared.sh)0
-rwxr-xr-xscripts/tps-secret-list.sh9
-rwxr-xr-xscripts/tps-start.sh9
-rwxr-xr-xscripts/tps-stop.sh9
-rw-r--r--scripts/tps.cfg14
14 files changed, 3858 insertions, 64 deletions
diff --git a/scripts/tps-build.sh b/scripts/tps-build.sh
index 14fcdef..170b9e9 100755
--- a/scripts/tps-build.sh
+++ b/scripts/tps-build.sh
@@ -1,21 +1,19 @@
#!/bin/sh -x
-WORK_DIR=`pwd`
PROJECT_DIR=`cd ../.. ; pwd`
-COMPONENT=tps
-mkdir -p $WORK_DIR/build
-rm -rf $WORK_DIR/build/$COMPONENT
+BUILD_DIR=$HOME/build/pki-tps
+COMPOSE=$PROJECT_DIR/pki/scripts/compose_pki_tps_packages
-cd $PROJECT_DIR
-rm -rf packages
-mkdir -p packages
+mkdir -p $BUILD_DIR
+cd $BUILD_DIR
-pki/scripts/compose_pki_${COMPONENT}_packages rpms 2>&1 | tee packages/build.log
+rm -rf rpmbuild
+mkdir -p rpmbuild
-mv packages $WORK_DIR/build/$COMPONENT
-cd $WORK_DIR/build/$COMPONENT
+$COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms 2>&1 | tee build.log
+rm -rf repo
mkdir -p repo
-mv `find RPMS -name *.rpm` repo
+mv `find rpmbuild/RPMS -name *.rpm` repo
createrepo repo
diff --git a/scripts/tps-configure.out b/scripts/tps-configure.out
new file mode 100644
index 0000000..5b5fddc
--- /dev/null
+++ b/scripts/tps-configure.out
@@ -0,0 +1,3771 @@
+libpath=/usr/lib64
+#######################################################################
+CRYPTO INIT WITH CERTDB:/home/edewata/Projects/pki-dev/certs/tps
+tokenpwd:Secret123
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+in TestCertApprovalCallback.approve()
+Peer cert details:
+ subject: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55
+ issuer: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55
+ serial: 0
+item 1 reason=-8156 depth=1
+ cert details:
+ subject: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55
+ issuer: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55
+ serial: 0
+item 2 reason=-8172 depth=1
+ cert details:
+ subject: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55
+ issuer: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55
+ serial: 0
+importing certificate.
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/login?pin=hVBuhr0azj9HumVnT4P8&xml=true
+RESPONSE STATUS: HTTP/1.1 302 Found
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:10 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Set-Cookie: pin=hVBuhr0azj9HumVnT4P8; path=/; expires=Fri, 21-Nov-2014 17:53:10 GMT
+RESPONSE HEADER: Location: wizard
+RESPONSE HEADER: Content-Length: 0
+RESPONSE HEADER: Keep-Alive: timeout=15, max=100
+RESPONSE HEADER: Connection: Keep-Alive
+RESPONSE HEADER: Content-Type: text/html
+xml returned:
+cookie list: pin=hVBuhr0azj9HumVnT4P8; path=/; expires=Fri, 21-Nov-2014 17:53:10 GMT
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=0&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:10 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <csstate>1</csstate>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <lastpanel>0</lastpanel>
+ <name>Token Processing System</name>
+ <oms/>
+ <p>1</p>
+ <panel>tps/admin/console/config/modulepanel.vm</panel>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <subpanelno>2</subpanelno>
+ <title>Security Modules</title>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=1&choice=NSS+Certificate+DB&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:16 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <csstate>1</csstate>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <lastpanel>0</lastpanel>
+ <name>Token Processing System</name>
+ <oms/>
+ <p>3</p>
+ <panel>tps/admin/console/config/securitydomainpanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>4</subpanelno>
+ <title>Security Domain</title>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=3&choice=existingdomain&sdomainURL=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A8443&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:22 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <csstate>1</csstate>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <lastpanel>0</lastpanel>
+ <name>Token Processing System</name>
+ <oms/>
+ <p>4</p>
+ <panel>tps/admin/console/config/displaycertchainpanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>5</subpanelno>
+ <title>Display Certificate Chain</title>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=4&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 301 Moved Permanently
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:29 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Location: https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS
+RESPONSE HEADER: Content-Length: 0
+RESPONSE HEADER: Keep-Alive: timeout=15, max=100
+RESPONSE HEADER: Connection: Keep-Alive
+RESPONSE HEADER: Content-Type: text/html
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:8443
+in TestCertApprovalCallback.approve()
+Peer cert details:
+ subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE
+ issuer: CN=CA Signing Certificate,O=EXAMPLE
+ serial: 3
+item 1 reason=-8172 depth=1
+ cert details:
+ subject: CN=CA Signing Certificate,O=EXAMPLE
+ issuer: CN=CA Signing Certificate,O=EXAMPLE
+ serial: 1
+importing certificate.
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:8443//ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DTPS
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Server: Apache-Coyote/1.1
+RESPONSE HEADER: Content-Type: text/html;charset=UTF-8
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:35 GMT
+RESPONSE HEADER: Connection: close
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:8443
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:8443//ca/admin/ca/getCookie?uid=caadmin&pwd=Secret123&url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DTPS
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Server: Apache-Coyote/1.1
+RESPONSE HEADER: Content-Type: text/html
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:36 GMT
+RESPONSE HEADER: Connection: close
+Sleeping for 5 secs..
+TPS_SESSION_ID=5892650296702736989
+TPS_URL=https://vm-084.idm.lab.bos.redhat.com:7890/tps/admin/console/config/wizard?p=3&subsystem=TPS
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=5&subsystem=TPS&session_id=5892650296702736989&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:41 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+Sleeping for 5 secs..
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=5&choice=newsubsystem&subsystemName=Token+Processing+System&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:53 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>6</p>
+ <panel>tps/admin/console/config/cainfopanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>7</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>CA Information</title>
+ <urls>
+ <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ </urls>
+ <urls_size>1</urls_size>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=6&urls=0&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:59 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>7</p>
+ <panel>tps/admin/console/config/tksinfopanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>8</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>TKS Information</title>
+ <urls>
+ <element>TKS vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ </urls>
+ <urls_size>1</urls_size>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=7&urls=0&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:05 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>8</p>
+ <panel>tps/admin/console/config/drminfopanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>9</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>DRM Information</title>
+ <urls>
+ <element>KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ </urls>
+ <urls_size>1</urls_size>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=8&choice=keygen&urls=0&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:12 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <basedn>dc=idm,dc=lab,dc=bos,dc=redhat,dc=com</basedn>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <hostname>localhost</hostname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>9</p>
+ <panel>tps/admin/console/config/authdbpanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <portStr>389</portStr>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <secureconn>false</secureconn>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>10</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>Authentication Directory</title>
+ <urls>
+ <element>KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ </urls>
+ <urls_size>1</urls_size>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=9&host=vm-084.idm.lab.bos.redhat.com&port=389&basedn=dc%3Dexample%2Cdc%3Dcom&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:18 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn>
+ <binddn>cn=directory manager</binddn>
+ <bindpwd/>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <hostname>localhost</hostname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>10</p>
+ <panel>tps/admin/console/config/databasepanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <portStr>389</portStr>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <secureconn>false</secureconn>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>11</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>Internal Database</title>
+ <urls>
+ <element>KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ </urls>
+ <urls_size>1</urls_size>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=10&host=vm-084.idm.lab.bos.redhat.com&port=389&binddn=cn%3DDirectory+Manager&__bindpwd=Secret123&basedn=dc%3Dtps%2Cdc%3Dexample%2Cdc%3Dcom&database=pki-tps&display=&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:24 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn>
+ <binddn>cn=directory manager</binddn>
+ <bindpwd/>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <certs>
+ <element>
+ <certinfo>
+ <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps</dn>
+ <tag>sslserver</tag>
+ <friendly>SSL Server Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Subsystem Certificate, OU=pki-tps</dn>
+ <tag>subsystem</tag>
+ <friendly>Subsystem Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Audit Signing Certificate, OU=pki-tps</dn>
+ <tag>audit_signing</tag>
+ <friendly>Audit Log Signing Certificate</friendly>
+ </certinfo>
+ </element>
+ </certs>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <custom_size>2048</custom_size>
+ <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <default_ecc_curvename>nistp256</default_ecc_curvename>
+ <default_keysize>2048</default_keysize>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <firsttime>true</firsttime>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <hostname>localhost</hostname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list>
+ <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list>
+ <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>11</p>
+ <panel>tps/admin/console/config/sizepanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <portStr>389</portStr>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <secureconn>false</secureconn>
+ <select>default</select>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>12</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>Key Pairs</title>
+ <urls>
+ <element>KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ </urls>
+ <urls_size>1</urls_size>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=11&keytype=rsa&choice=default&custom_size=2048&sslserver_keytype=rsa&sslserver_choice=custom&sslserver_custom_size=2048&subsystem_keytype=rsa&subsystem_choice=custom&subsystem_custom_size=2048&audit_signing_keytype=rsa&audit_signing_choice=default&audit_signing_custom_size=2048&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:39 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn>
+ <binddn>cn=directory manager</binddn>
+ <bindpwd/>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <certs>
+ <element>
+ <certinfo>
+ <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>sslserver</tag>
+ <friendly>SSL Server Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>subsystem</tag>
+ <friendly>Subsystem Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>audit_signing</tag>
+ <friendly>Audit Log Signing Certificate</friendly>
+ </certinfo>
+ </element>
+ </certs>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <custom_size>2048</custom_size>
+ <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <default_ecc_curvename>nistp256</default_ecc_curvename>
+ <default_keysize>2048</default_keysize>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <firsttime>true</firsttime>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <hostname>localhost</hostname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list>
+ <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list>
+ <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>12</p>
+ <panel>tps/admin/console/config/namepanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <portStr>389</portStr>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <secureconn>false</secureconn>
+ <select>default</select>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>13</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>Subject Names</title>
+ <urls>
+ <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ <element>External CA</element>
+ </urls>
+ <urls_size>3</urls_size>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=12&sslserver=CN%3Dvm-084.idm.lab.bos.redhat.com%2CO%3DEXAMPLE&sslserver_nick=Server-Cert+cert-pki-tps&subsystem=CN%3DTPS+Subsystem+Certificate%2CO%3DEXAMPLE&subsystem_nick=subsystemCert+cert-pki-tps&audit_signing=CN%3DTPS+Audit+Signing+Certificate%2CO%3DEXAMPLE&audit_signing_nick=auditSigningCert+cert-pki-tps&urls=0&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:46 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn>
+ <binddn>cn=directory manager</binddn>
+ <bindpwd/>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <certs>
+ <element>
+ <certinfo>
+ <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>sslserver</tag>
+ <friendly>SSL Server Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>subsystem</tag>
+ <friendly>Subsystem Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>audit_signing</tag>
+ <friendly>Audit Log Signing Certificate</friendly>
+ </certinfo>
+ </element>
+ </certs>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <custom_size>2048</custom_size>
+ <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <default_ecc_curvename>nistp256</default_ecc_curvename>
+ <default_keysize>2048</default_keysize>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <firsttime>true</firsttime>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <hostname>localhost</hostname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list>
+ <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list>
+ <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>13</p>
+ <panel>tps/admin/console/config/certrequestpanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <portStr>389</portStr>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <reqscerts>
+ <element>
+ <reqcertinfo>
+ <name>SSL Server Certificate</name>
+ <req>-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMddm0t
+MDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8VWAvSv5V4LRR/MlGgZLf3
+yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpAwSVN1CWtrbflP5O9wkVF
+kxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1pfW4Jb6O+vOUzHHNEfH3U
+hFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwgdIxI1Q9jZZTiuupfu3Hq
+Ipt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1XmBoIvIAJiDWUETBiB4X
+iYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOvAqer08kY4ELo70uE1IWX
+AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAjAtHz3uSFKDHpYgxCFKiAxSv
+NUHdhIZO4DjEl6BuxvH2dkrMOeBuzmGUdB/dmprKvMBRtTwjopD/vbRTkKPc
+bB4j92pVxlAUlAd4dvzuFGcK/mhB8kdmCXAAgBOPKlZgpHoWRRaEqbdFznjQ
+KDz1lFE6Lb1Wpmcx9u6ZUWjHLd4sr+Ym+byXx9DroMBYV3rK35xUhpNlMjUM
+PSX+Fqgx4ddGgpGm0kh9TlczNUMQb+kqds8c3SRCfUTZNo4cE/LOEDqkUdYy
+XwTXjjAag7c6b7Dv8/OR4jNNrvAihn5YdlAo3aRssE6zQCKrOfN2bYy3uWMG
++VqC9saBiWkg8sgPbg==
+-----END NEW CERTIFICATE REQUEST-----</req>
+ <cert>-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF
+WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz
+MTEyMTE3NTQ0OVoXDTE1MTExMTE3NTQ0OVowOjEQMA4GA1UEChMHRVhBTVBM
+RTEmMCQGA1UEAxMddm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8V
+WAvSv5V4LRR/MlGgZLf3yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpA
+wSVN1CWtrbflP5O9wkVFkxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1p
+fW4Jb6O+vOUzHHNEfH3UhFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwg
+dIxI1Q9jZZTiuupfu3HqIpt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1
+XmBoIvIAJiDWUETBiB4XiYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOv
+Aqer08kY4ELo70uE1IWXAgMBAAGjgawwgakwHwYDVR0jBBgwFoAUY6p+ucCt
+MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo
+dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v
+Y3NwMA4GA1UdDwEB/wQEAwIE8DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB
+BQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQDbNeargy6K/gjb
+kkkSgvyfB+evtAGk5O+6lHuAhWefvS4LEkY6VyfZ2q8FJ5i5emIX5udlCpaR
+rd1B5czHsv/QRboUYSIVHcUAaQJyxakIF2gzfGtNiTDWFcNNdhLXfBkZMesy
+F9azUAJyWIwe4i965F39si+V8MsdcMJB72K5Yk7/IPjANBoN5ZMxFQN1jODX
+JRyaSSx34q+Gh+an7NtEGf7zYw04rWPctaLnojrBwtNi9WxSb5kQcrNL7QPl
+L8ZwMl2xkiPLHIHMXzDSesqgpZNAdiMHy/KusfZRhfJPSc6gY7oM7fKyIdJS
+hOq8/unh4rG37Ws7TLWxV3BNUv7R
+-----END CERTIFICATE-----</cert>
+ <certpp>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 16 (0x10)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:54:49 2013
+ Not After : Wed Nov 11 17:54:49 2015
+ Subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ bf:f6:ad:7c:2f:ac:1a:31:29:b4:ff:ab:d0:0d:4f:15:
+ 58:0b:d2:bf:95:78:2d:14:7f:32:51:a0:64:b7:f7:c8:
+ 13:24:c0:3d:8c:08:61:4b:ce:88:6d:be:6c:da:d3:f3:
+ 9f:ab:6f:2b:6a:2c:12:99:6e:58:65:6a:40:c1:25:4d:
+ d4:25:ad:ad:b7:e5:3f:93:bd:c2:45:45:93:1c:b9:92:
+ 2e:f6:41:67:23:2a:fc:28:24:17:91:f2:b5:e1:49:d9:
+ 14:95:bc:79:07:25:75:78:7d:69:7d:6e:09:6f:a3:be:
+ bc:e5:33:1c:73:44:7c:7d:d4:84:50:ee:2b:9d:f9:56:
+ c4:28:3c:b3:72:c3:4b:32:b3:3f:64:f0:08:d7:3f:33:
+ ab:14:6a:69:43:3c:20:74:8c:48:d5:0f:63:65:94:e2:
+ ba:ea:5f:bb:71:ea:22:9b:7b:39:1a:5d:77:69:10:45:
+ 3c:ae:0b:35:fe:f5:3a:78:fe:c8:63:93:ce:e2:a9:72:
+ ec:31:8b:b5:5e:60:68:22:f2:00:26:20:d6:50:44:c1:
+ 88:1e:17:89:8b:22:14:cf:f2:5c:cd:d7:99:5b:95:f9:
+ 22:50:fb:1b:75:5c:82:5c:43:ea:4c:d8:ed:91:0a:43:
+ af:02:a7:ab:d3:c9:18:e0:42:e8:ef:4b:84:d4:85:97
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Key Encipherment
+ Data Encipherment
+
+ Name: Extended Key Usage
+ TLS Web Server Authentication Certificate
+ TLS Web Client Authentication Certificate
+ E-Mail Protection Certificate
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ db:35:e6:ab:83:2e:8a:fe:08:db:92:49:12:82:fc:9f:
+ 07:e7:af:b4:01:a4:e4:ef:ba:94:7b:80:85:67:9f:bd:
+ 2e:0b:12:46:3a:57:27:d9:da:af:05:27:98:b9:7a:62:
+ 17:e6:e7:65:0a:96:91:ad:dd:41:e5:cc:c7:b2:ff:d0:
+ 45:ba:14:61:22:15:1d:c5:00:69:02:72:c5:a9:08:17:
+ 68:33:7c:6b:4d:89:30:d6:15:c3:4d:76:12:d7:7c:19:
+ 19:31:eb:32:17:d6:b3:50:02:72:58:8c:1e:e2:2f:7a:
+ e4:5d:fd:b2:2f:95:f0:cb:1d:70:c2:41:ef:62:b9:62:
+ 4e:ff:20:f8:c0:34:1a:0d:e5:93:31:15:03:75:8c:e0:
+ d7:25:1c:9a:49:2c:77:e2:af:86:87:e6:a7:ec:db:44:
+ 19:fe:f3:63:0d:38:ad:63:dc:b5:a2:e7:a2:3a:c1:c2:
+ d3:62:f5:6c:52:6f:99:10:72:b3:4b:ed:03:e5:2f:c6:
+ 70:32:5d:b1:92:23:cb:1c:81:cc:5f:30:d2:7a:ca:a0:
+ a5:93:40:76:23:07:cb:f2:ae:b1:f6:51:85:f2:4f:49:
+ ce:a0:63:ba:0c:ed:f2:b2:21:d2:52:84:ea:bc:fe:e9:
+ e1:e2:b1:b7:ed:6b:3b:4c:b5:b1:57:70:4d:52:fe:d1
+ Fingerprint (MD5):
+ 5B:BA:5A:1E:52:1A:ED:13:AB:E3:19:4F:A9:A0:F7:F3
+ Fingerprint (SHA1):
+ C5:E3:BA:90:42:9E:A2:8A:80:ED:A7:DE:D7:4A:BB:EC:9B:A1:27:31
+
+ Certificate Trust Flags:
+ SSL Flags:
+ User
+ Email Flags:
+ User
+ Object Signing Flags:
+ User
+
+</certpp>
+ <tag>sslserver</tag>
+ <dn>sslserver</dn>
+ </reqcertinfo>
+ </element>
+ <element>
+ <reqcertinfo>
+ <name>Subsystem Certificate</name>
+ <req>-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICezCCAWMCAQAwNjEQMA4GA1UEChMHRVhBTVBMRTEiMCAGA1UEAxMZVFBT
+IFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0AjjFK2Jg20ip1tcP5/8R2n
+xTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIzobfBbamW7vzML4mL9bwP
+jh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB3/ctf+fPTIdtWZ12pIJP
+K9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ0lh6w+MyJ2GBjbpK3r8p
+GuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qRW5yPbgIWqPSR7uwOL7Vi
+MrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcxQftG4o7vh0eThG0CAwEA
+AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAV8clzGabViitCdWmz2DeE4alTiYqa
+HWeXno4nKCXBttdkgrr4lu1hNfIjJSxHfj1R+FmAz27jtvA/0bDdBXRuTyzx
+ROhZ7raoMymQCW+w8tYO/ThaVQLijx+muX13gfCU0Bxq5+WDRJY4P4TCa49P
+3RBMziTc7kVagdmjhWYjnwRyWr8acOo4qEoo/X0wLC01MAe24OyKbfCt+FbT
+6PgjCVUAQ5HjmeWXyZQc89iZrkz2XVTFwQUKieni47pAVSL/Abkng2U8czIw
+cbBbP6DFO9t2L2Dye9z9LaA9jwSPVaRyKUdOEfemK75kQRLixs2BXUEeZazQ
+QgPZ9cJsptbf
+-----END NEW CERTIFICATE REQUEST-----</req>
+ <cert>-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBETANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF
+WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz
+MTEyMTE3NTQ1MFoXDTE1MTExMTE3NTQ1MFowNjEQMA4GA1UEChMHRVhBTVBM
+RTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0Aj
+jFK2Jg20ip1tcP5/8R2nxTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIz
+obfBbamW7vzML4mL9bwPjh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB
+3/ctf+fPTIdtWZ12pIJPK9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ
+0lh6w+MyJ2GBjbpK3r8pGuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qR
+W5yPbgIWqPSR7uwOL7ViMrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcx
+QftG4o7vh0eThG0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBRjqn65wK0yKEDu
+gzfgeN+hflzSRDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6
+Ly92bS0wODQuaWRtLmxhYi5ib3MucmVkaGF0LmNvbTo4MDgwL2NhL29jc3Aw
+DgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3
+DQEBCwUAA4IBAQDRBXrEAqLiecW5Xh0yEwgGbcDtpRO2BCbFp3F2W8wURlo0
+axinBQCwdDGkgkXCodyib/CkJk0E5MpbJ6+q6/VLgByyzpGk1uNVIBvlfRtG
+TXvU41MrjGjhVANz/uYUA7P96sWxNu8OYQv4mlyh5BDk3itYqfuIN9pLkvRL
+SKGqRr+ot6hBMweysCT8I4jMBtFFXszCmithBR4x9O+n7QUcIYWrxKkT9Fm8
+PvHFeb8dMNWU7etAxQVrc/ewZbeYG+S01PFj1lopATHxZqFSCjB6RukjiIe0
+BfNUbzfputLXPUuZu0d/z5EhT+fgNKXUb9zeYFsqebP1ln/JsOJ0MJ4/
+-----END CERTIFICATE-----</cert>
+ <certpp>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 17 (0x11)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:54:50 2013
+ Not After : Wed Nov 11 17:54:50 2015
+ Subject: CN=TPS Subsystem Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ b0:81:63:41:45:31:21:56:27:2e:86:ee:03:7d:e2:1f:
+ 1b:b3:40:23:8c:52:b6:26:0d:b4:8a:9d:6d:70:fe:7f:
+ f1:1d:a7:c5:32:da:ab:cf:8e:0f:15:05:1a:dd:dd:d6:
+ f8:66:b5:f2:88:a0:3d:61:a7:a9:8c:c4:ac:90:82:f2:
+ 33:a1:b7:c1:6d:a9:96:ee:fc:cc:2f:89:8b:f5:bc:0f:
+ 8e:1f:af:79:00:b4:86:ac:d9:8b:c6:ed:e3:3d:56:a4:
+ 42:3a:45:99:18:18:38:a2:bb:dc:b1:d4:d5:81:df:f7:
+ 2d:7f:e7:cf:4c:87:6d:59:9d:76:a4:82:4f:2b:d0:33:
+ cb:64:47:20:15:6f:49:1a:ae:52:5c:72:b9:a4:1d:d7:
+ 12:7c:56:04:53:fd:8f:c3:0d:23:89:d2:58:7a:c3:e3:
+ 32:27:61:81:8d:ba:4a:de:bf:29:1a:e3:67:39:4a:79:
+ ff:54:9a:66:d6:38:01:80:a1:d6:1e:f2:34:d5:81:60:
+ ba:10:06:64:d6:df:ea:91:5b:9c:8f:6e:02:16:a8:f4:
+ 91:ee:ec:0e:2f:b5:62:32:bc:47:3a:58:e7:fc:5a:e9:
+ 63:74:30:00:cb:2d:16:7c:05:e5:b3:93:df:ab:bd:ea:
+ da:58:40:f7:31:41:fb:46:e2:8e:ef:87:47:93:84:6d
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Key Encipherment
+ Data Encipherment
+
+ Name: Extended Key Usage
+ TLS Web Client Authentication Certificate
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ d1:05:7a:c4:02:a2:e2:79:c5:b9:5e:1d:32:13:08:06:
+ 6d:c0:ed:a5:13:b6:04:26:c5:a7:71:76:5b:cc:14:46:
+ 5a:34:6b:18:a7:05:00:b0:74:31:a4:82:45:c2:a1:dc:
+ a2:6f:f0:a4:26:4d:04:e4:ca:5b:27:af:aa:eb:f5:4b:
+ 80:1c:b2:ce:91:a4:d6:e3:55:20:1b:e5:7d:1b:46:4d:
+ 7b:d4:e3:53:2b:8c:68:e1:54:03:73:fe:e6:14:03:b3:
+ fd:ea:c5:b1:36:ef:0e:61:0b:f8:9a:5c:a1:e4:10:e4:
+ de:2b:58:a9:fb:88:37:da:4b:92:f4:4b:48:a1:aa:46:
+ bf:a8:b7:a8:41:33:07:b2:b0:24:fc:23:88:cc:06:d1:
+ 45:5e:cc:c2:9a:2b:61:05:1e:31:f4:ef:a7:ed:05:1c:
+ 21:85:ab:c4:a9:13:f4:59:bc:3e:f1:c5:79:bf:1d:30:
+ d5:94:ed:eb:40:c5:05:6b:73:f7:b0:65:b7:98:1b:e4:
+ b4:d4:f1:63:d6:5a:29:01:31:f1:66:a1:52:0a:30:7a:
+ 46:e9:23:88:87:b4:05:f3:54:6f:37:e9:ba:d2:d7:3d:
+ 4b:99:bb:47:7f:cf:91:21:4f:e7:e0:34:a5:d4:6f:dc:
+ de:60:5b:2a:79:b3:f5:96:7f:c9:b0:e2:74:30:9e:3f
+ Fingerprint (MD5):
+ 33:E4:65:72:E7:73:63:F6:4D:F3:0D:1B:79:4B:51:BA
+ Fingerprint (SHA1):
+ 2B:3B:C2:42:09:1F:DC:3C:E8:DD:1C:2E:27:CB:22:34:4B:F2:2A:A9
+
+ Certificate Trust Flags:
+ SSL Flags:
+ User
+ Email Flags:
+ User
+ Object Signing Flags:
+ User
+
+</certpp>
+ <tag>subsystem</tag>
+ <dn>subsystem</dn>
+ </reqcertinfo>
+ </element>
+ <element>
+ <reqcertinfo>
+ <name>Audit Log Signing Certificate</name>
+ <req>-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMdVFBT
+IEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590Seob6Ee4+8A7ypAy0aJ9E
+8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE77XZCpnz1Ddv/fQ71CZw
+Lhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru3R7ekVngXp8VE2N5VWBC
+kWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWejtWaI7AvYuh7UWbaz+aPg
+GFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEMI1m9FDbF6dIdH/zFSXEQ
+O+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxqjA3aXrIgNMh2wFgU4fcX
+AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAk7D7vqIVUQPPchUR6MWoHyM3
+w5og8cRPE3nJQKPMhy+z1dBC67iTlPDM12entGVC+r4snbvNAfzibV/u9G4z
+IurRS42vLls06hCHe2+jDr2xrpHf5iM4QExQuMSFZ9+N0xXg5ytDvWLi/LtI
+YProlIaSmOdndJDQr6KPtsGb2My7a4iMBV/qVSD9A6bblbxJNPFHoiTuYj72
+7fWNT0JH2g0OmqZa5lx1o4q8dWAfKlrsMGB7OTRyJ7Y2V7FGgY50isrcxnuw
+XTCPxOQGEL2T/F5q/4F+ZyJix1SfhoQys4RBXxvQbhNvbPIAHtHg/5bcbPMN
+GNlW6BI4kN+UNRYGtQ==
+-----END NEW CERTIFICATE REQUEST-----</req>
+ <cert>-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF
+WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz
+MTEyMTE3NTQ1M1oXDTE1MTExMTE3NTQ1M1owOjEQMA4GA1UEChMHRVhBTVBM
+RTEmMCQGA1UEAxMdVFBTIEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590S
+eob6Ee4+8A7ypAy0aJ9E8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE
+77XZCpnz1Ddv/fQ71CZwLhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru
+3R7ekVngXp8VE2N5VWBCkWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWej
+tWaI7AvYuh7UWbaz+aPgGFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEM
+I1m9FDbF6dIdH/zFSXEQO+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxq
+jA3aXrIgNMh2wFgU4fcXAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUY6p+ucCt
+MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo
+dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v
+Y3NwMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAKPq8ro5J
+Di7LVv45eUH5AYrOiMqa10qWDr5dEqFqn7FZ3sK4A8zx/pQc+Iz3LMaaapgl
+hxXen9un2ZoAKqBJ3IES24nLr9xU+aS2vKZseGi7UZMHAxC/b3gerZvHY9p5
+CqWDPDO/ksnWikndaWvTZeqfXvqSvoJnDuwv/tCsLTTBzZ5ReTUiCAh91TXU
+4LJCl8q/+IeBOvz9g+iFwICN6FiXrq5j5GJgA/NOHwCvwMpH+lmK+H4mvUlr
+aVCWubitl7KqiepEyZAlyTuUX5t/u05xePVkaU/e3WijL6SSygcxH4Q9EQC8
+9PT07QwEbXSPXhv0n79x+Lhf4RuR4qZd4Q==
+-----END CERTIFICATE-----</cert>
+ <certpp>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 18 (0x12)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:54:53 2013
+ Not After : Wed Nov 11 17:54:53 2015
+ Subject: CN=TPS Audit Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ d0:ba:55:c6:b3:d6:2f:2a:a6:cd:a7:d2:55:e7:dd:12:
+ 7a:86:fa:11:ee:3e:f0:0e:f2:a4:0c:b4:68:9f:44:f1:
+ bc:31:75:9d:d3:3f:d7:e5:32:61:45:d7:f1:29:a7:ca:
+ e2:4f:90:54:1e:77:f5:8f:71:e9:be:28:44:ef:b5:d9:
+ 0a:99:f3:d4:37:6f:fd:f4:3b:d4:26:70:2e:1c:76:5a:
+ 10:11:42:6e:bf:d3:bf:be:5f:50:3b:4d:90:0b:30:d9:
+ 40:45:02:ae:62:af:27:17:64:6e:dd:1e:de:91:59:e0:
+ 5e:9f:15:13:63:79:55:60:42:91:66:22:45:8e:40:c6:
+ dd:61:5b:6e:77:4a:24:ee:49:c2:17:c2:67:fd:29:ea:
+ 4c:07:62:f7:45:67:a3:b5:66:88:ec:0b:d8:ba:1e:d4:
+ 59:b6:b3:f9:a3:e0:18:5b:02:2e:2f:01:f3:04:2b:88:
+ 9f:61:c8:e5:a9:cd:df:04:6a:c1:a4:d6:9b:cc:f0:ff:
+ 14:82:71:0c:23:59:bd:14:36:c5:e9:d2:1d:1f:fc:c5:
+ 49:71:10:3b:e6:d3:1a:a4:2b:8b:da:05:9d:76:c3:fb:
+ 70:98:b6:0c:7a:7f:a8:7c:b3:4a:13:4e:f5:c3:6a:4c:
+ 6a:8c:0d:da:5e:b2:20:34:c8:76:c0:58:14:e1:f7:17
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 28:fa:bc:ae:8e:49:0e:2e:cb:56:fe:39:79:41:f9:01:
+ 8a:ce:88:ca:9a:d7:4a:96:0e:be:5d:12:a1:6a:9f:b1:
+ 59:de:c2:b8:03:cc:f1:fe:94:1c:f8:8c:f7:2c:c6:9a:
+ 6a:98:25:87:15:de:9f:db:a7:d9:9a:00:2a:a0:49:dc:
+ 81:12:db:89:cb:af:dc:54:f9:a4:b6:bc:a6:6c:78:68:
+ bb:51:93:07:03:10:bf:6f:78:1e:ad:9b:c7:63:da:79:
+ 0a:a5:83:3c:33:bf:92:c9:d6:8a:49:dd:69:6b:d3:65:
+ ea:9f:5e:fa:92:be:82:67:0e:ec:2f:fe:d0:ac:2d:34:
+ c1:cd:9e:51:79:35:22:08:08:7d:d5:35:d4:e0:b2:42:
+ 97:ca:bf:f8:87:81:3a:fc:fd:83:e8:85:c0:80:8d:e8:
+ 58:97:ae:ae:63:e4:62:60:03:f3:4e:1f:00:af:c0:ca:
+ 47:fa:59:8a:f8:7e:26:bd:49:6b:69:50:96:b9:b8:ad:
+ 97:b2:aa:89:ea:44:c9:90:25:c9:3b:94:5f:9b:7f:bb:
+ 4e:71:78:f5:64:69:4f:de:dd:68:a3:2f:a4:92:ca:07:
+ 31:1f:84:3d:11:00:bc:f4:f4:f4:ed:0c:04:6d:74:8f:
+ 5e:1b:f4:9f:bf:71:f8:b8:5f:e1:1b:91:e2:a6:5d:e1
+ Fingerprint (MD5):
+ 8C:A7:63:34:2C:55:22:B5:BA:22:5E:F8:BF:36:69:93
+ Fingerprint (SHA1):
+ AC:AA:23:8E:CF:C0:A9:1C:BB:B5:1E:DC:82:D2:02:7D:0C:2B:F5:50
+
+ Certificate Trust Flags:
+ SSL Flags:
+ User
+ Email Flags:
+ User
+ Object Signing Flags:
+ Terminal Record
+ Trusted
+ User
+
+</certpp>
+ <tag>audit_signing</tag>
+ <dn>audit_signing</dn>
+ </reqcertinfo>
+ </element>
+ </reqscerts>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <secureconn>false</secureconn>
+ <select>default</select>
+ <showApplyButton>true</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>14</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>Certificate Requests</title>
+ <urls>
+ <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ <element>External CA</element>
+ </urls>
+ <urls_size>3</urls_size>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=13&sslserver=&sslserver_cc=&subsystem=&subsystem_cc=&audit_signing=&audit_signing_cc=&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:01 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <admin_email/>
+ <admin_name>TPS Administrator</admin_name>
+ <admin_pwd/>
+ <admin_pwd_again/>
+ <admin_uid>admin</admin_uid>
+ <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn>
+ <binddn>cn=directory manager</binddn>
+ <bindpwd/>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <certs>
+ <element>
+ <certinfo>
+ <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>sslserver</tag>
+ <friendly>SSL Server Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>subsystem</tag>
+ <friendly>Subsystem Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>audit_signing</tag>
+ <friendly>Audit Log Signing Certificate</friendly>
+ </certinfo>
+ </element>
+ </certs>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <custom_size>2048</custom_size>
+ <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <default_ecc_curvename>nistp256</default_ecc_curvename>
+ <default_keysize>2048</default_keysize>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <firsttime>true</firsttime>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <hostname>localhost</hostname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <import>true</import>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list>
+ <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list>
+ <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>14</p>
+ <panel>tps/admin/console/config/adminpanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <portStr>389</portStr>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <reqscerts>
+ <element>
+ <reqcertinfo>
+ <name>SSL Server Certificate</name>
+ <req>-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMddm0t
+MDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8VWAvSv5V4LRR/MlGgZLf3
+yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpAwSVN1CWtrbflP5O9wkVF
+kxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1pfW4Jb6O+vOUzHHNEfH3U
+hFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwgdIxI1Q9jZZTiuupfu3Hq
+Ipt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1XmBoIvIAJiDWUETBiB4X
+iYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOvAqer08kY4ELo70uE1IWX
+AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAjAtHz3uSFKDHpYgxCFKiAxSv
+NUHdhIZO4DjEl6BuxvH2dkrMOeBuzmGUdB/dmprKvMBRtTwjopD/vbRTkKPc
+bB4j92pVxlAUlAd4dvzuFGcK/mhB8kdmCXAAgBOPKlZgpHoWRRaEqbdFznjQ
+KDz1lFE6Lb1Wpmcx9u6ZUWjHLd4sr+Ym+byXx9DroMBYV3rK35xUhpNlMjUM
+PSX+Fqgx4ddGgpGm0kh9TlczNUMQb+kqds8c3SRCfUTZNo4cE/LOEDqkUdYy
+XwTXjjAag7c6b7Dv8/OR4jNNrvAihn5YdlAo3aRssE6zQCKrOfN2bYy3uWMG
++VqC9saBiWkg8sgPbg==
+-----END NEW CERTIFICATE REQUEST-----</req>
+ <cert>-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF
+WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz
+MTEyMTE3NTQ0OVoXDTE1MTExMTE3NTQ0OVowOjEQMA4GA1UEChMHRVhBTVBM
+RTEmMCQGA1UEAxMddm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8V
+WAvSv5V4LRR/MlGgZLf3yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpA
+wSVN1CWtrbflP5O9wkVFkxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1p
+fW4Jb6O+vOUzHHNEfH3UhFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwg
+dIxI1Q9jZZTiuupfu3HqIpt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1
+XmBoIvIAJiDWUETBiB4XiYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOv
+Aqer08kY4ELo70uE1IWXAgMBAAGjgawwgakwHwYDVR0jBBgwFoAUY6p+ucCt
+MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo
+dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v
+Y3NwMA4GA1UdDwEB/wQEAwIE8DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB
+BQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQDbNeargy6K/gjb
+kkkSgvyfB+evtAGk5O+6lHuAhWefvS4LEkY6VyfZ2q8FJ5i5emIX5udlCpaR
+rd1B5czHsv/QRboUYSIVHcUAaQJyxakIF2gzfGtNiTDWFcNNdhLXfBkZMesy
+F9azUAJyWIwe4i965F39si+V8MsdcMJB72K5Yk7/IPjANBoN5ZMxFQN1jODX
+JRyaSSx34q+Gh+an7NtEGf7zYw04rWPctaLnojrBwtNi9WxSb5kQcrNL7QPl
+L8ZwMl2xkiPLHIHMXzDSesqgpZNAdiMHy/KusfZRhfJPSc6gY7oM7fKyIdJS
+hOq8/unh4rG37Ws7TLWxV3BNUv7R
+-----END CERTIFICATE-----</cert>
+ <certpp>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 16 (0x10)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:54:49 2013
+ Not After : Wed Nov 11 17:54:49 2015
+ Subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ bf:f6:ad:7c:2f:ac:1a:31:29:b4:ff:ab:d0:0d:4f:15:
+ 58:0b:d2:bf:95:78:2d:14:7f:32:51:a0:64:b7:f7:c8:
+ 13:24:c0:3d:8c:08:61:4b:ce:88:6d:be:6c:da:d3:f3:
+ 9f:ab:6f:2b:6a:2c:12:99:6e:58:65:6a:40:c1:25:4d:
+ d4:25:ad:ad:b7:e5:3f:93:bd:c2:45:45:93:1c:b9:92:
+ 2e:f6:41:67:23:2a:fc:28:24:17:91:f2:b5:e1:49:d9:
+ 14:95:bc:79:07:25:75:78:7d:69:7d:6e:09:6f:a3:be:
+ bc:e5:33:1c:73:44:7c:7d:d4:84:50:ee:2b:9d:f9:56:
+ c4:28:3c:b3:72:c3:4b:32:b3:3f:64:f0:08:d7:3f:33:
+ ab:14:6a:69:43:3c:20:74:8c:48:d5:0f:63:65:94:e2:
+ ba:ea:5f:bb:71:ea:22:9b:7b:39:1a:5d:77:69:10:45:
+ 3c:ae:0b:35:fe:f5:3a:78:fe:c8:63:93:ce:e2:a9:72:
+ ec:31:8b:b5:5e:60:68:22:f2:00:26:20:d6:50:44:c1:
+ 88:1e:17:89:8b:22:14:cf:f2:5c:cd:d7:99:5b:95:f9:
+ 22:50:fb:1b:75:5c:82:5c:43:ea:4c:d8:ed:91:0a:43:
+ af:02:a7:ab:d3:c9:18:e0:42:e8:ef:4b:84:d4:85:97
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Key Encipherment
+ Data Encipherment
+
+ Name: Extended Key Usage
+ TLS Web Server Authentication Certificate
+ TLS Web Client Authentication Certificate
+ E-Mail Protection Certificate
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ db:35:e6:ab:83:2e:8a:fe:08:db:92:49:12:82:fc:9f:
+ 07:e7:af:b4:01:a4:e4:ef:ba:94:7b:80:85:67:9f:bd:
+ 2e:0b:12:46:3a:57:27:d9:da:af:05:27:98:b9:7a:62:
+ 17:e6:e7:65:0a:96:91:ad:dd:41:e5:cc:c7:b2:ff:d0:
+ 45:ba:14:61:22:15:1d:c5:00:69:02:72:c5:a9:08:17:
+ 68:33:7c:6b:4d:89:30:d6:15:c3:4d:76:12:d7:7c:19:
+ 19:31:eb:32:17:d6:b3:50:02:72:58:8c:1e:e2:2f:7a:
+ e4:5d:fd:b2:2f:95:f0:cb:1d:70:c2:41:ef:62:b9:62:
+ 4e:ff:20:f8:c0:34:1a:0d:e5:93:31:15:03:75:8c:e0:
+ d7:25:1c:9a:49:2c:77:e2:af:86:87:e6:a7:ec:db:44:
+ 19:fe:f3:63:0d:38:ad:63:dc:b5:a2:e7:a2:3a:c1:c2:
+ d3:62:f5:6c:52:6f:99:10:72:b3:4b:ed:03:e5:2f:c6:
+ 70:32:5d:b1:92:23:cb:1c:81:cc:5f:30:d2:7a:ca:a0:
+ a5:93:40:76:23:07:cb:f2:ae:b1:f6:51:85:f2:4f:49:
+ ce:a0:63:ba:0c:ed:f2:b2:21:d2:52:84:ea:bc:fe:e9:
+ e1:e2:b1:b7:ed:6b:3b:4c:b5:b1:57:70:4d:52:fe:d1
+ Fingerprint (MD5):
+ 5B:BA:5A:1E:52:1A:ED:13:AB:E3:19:4F:A9:A0:F7:F3
+ Fingerprint (SHA1):
+ C5:E3:BA:90:42:9E:A2:8A:80:ED:A7:DE:D7:4A:BB:EC:9B:A1:27:31
+
+ Certificate Trust Flags:
+ SSL Flags:
+ User
+ Email Flags:
+ User
+ Object Signing Flags:
+ User
+
+</certpp>
+ <tag>sslserver</tag>
+ <dn>sslserver</dn>
+ </reqcertinfo>
+ </element>
+ <element>
+ <reqcertinfo>
+ <name>Subsystem Certificate</name>
+ <req>-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICezCCAWMCAQAwNjEQMA4GA1UEChMHRVhBTVBMRTEiMCAGA1UEAxMZVFBT
+IFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0AjjFK2Jg20ip1tcP5/8R2n
+xTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIzobfBbamW7vzML4mL9bwP
+jh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB3/ctf+fPTIdtWZ12pIJP
+K9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ0lh6w+MyJ2GBjbpK3r8p
+GuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qRW5yPbgIWqPSR7uwOL7Vi
+MrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcxQftG4o7vh0eThG0CAwEA
+AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAV8clzGabViitCdWmz2DeE4alTiYqa
+HWeXno4nKCXBttdkgrr4lu1hNfIjJSxHfj1R+FmAz27jtvA/0bDdBXRuTyzx
+ROhZ7raoMymQCW+w8tYO/ThaVQLijx+muX13gfCU0Bxq5+WDRJY4P4TCa49P
+3RBMziTc7kVagdmjhWYjnwRyWr8acOo4qEoo/X0wLC01MAe24OyKbfCt+FbT
+6PgjCVUAQ5HjmeWXyZQc89iZrkz2XVTFwQUKieni47pAVSL/Abkng2U8czIw
+cbBbP6DFO9t2L2Dye9z9LaA9jwSPVaRyKUdOEfemK75kQRLixs2BXUEeZazQ
+QgPZ9cJsptbf
+-----END NEW CERTIFICATE REQUEST-----</req>
+ <cert>-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBETANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF
+WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz
+MTEyMTE3NTQ1MFoXDTE1MTExMTE3NTQ1MFowNjEQMA4GA1UEChMHRVhBTVBM
+RTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0Aj
+jFK2Jg20ip1tcP5/8R2nxTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIz
+obfBbamW7vzML4mL9bwPjh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB
+3/ctf+fPTIdtWZ12pIJPK9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ
+0lh6w+MyJ2GBjbpK3r8pGuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qR
+W5yPbgIWqPSR7uwOL7ViMrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcx
+QftG4o7vh0eThG0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBRjqn65wK0yKEDu
+gzfgeN+hflzSRDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6
+Ly92bS0wODQuaWRtLmxhYi5ib3MucmVkaGF0LmNvbTo4MDgwL2NhL29jc3Aw
+DgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3
+DQEBCwUAA4IBAQDRBXrEAqLiecW5Xh0yEwgGbcDtpRO2BCbFp3F2W8wURlo0
+axinBQCwdDGkgkXCodyib/CkJk0E5MpbJ6+q6/VLgByyzpGk1uNVIBvlfRtG
+TXvU41MrjGjhVANz/uYUA7P96sWxNu8OYQv4mlyh5BDk3itYqfuIN9pLkvRL
+SKGqRr+ot6hBMweysCT8I4jMBtFFXszCmithBR4x9O+n7QUcIYWrxKkT9Fm8
+PvHFeb8dMNWU7etAxQVrc/ewZbeYG+S01PFj1lopATHxZqFSCjB6RukjiIe0
+BfNUbzfputLXPUuZu0d/z5EhT+fgNKXUb9zeYFsqebP1ln/JsOJ0MJ4/
+-----END CERTIFICATE-----</cert>
+ <certpp>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 17 (0x11)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:54:50 2013
+ Not After : Wed Nov 11 17:54:50 2015
+ Subject: CN=TPS Subsystem Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ b0:81:63:41:45:31:21:56:27:2e:86:ee:03:7d:e2:1f:
+ 1b:b3:40:23:8c:52:b6:26:0d:b4:8a:9d:6d:70:fe:7f:
+ f1:1d:a7:c5:32:da:ab:cf:8e:0f:15:05:1a:dd:dd:d6:
+ f8:66:b5:f2:88:a0:3d:61:a7:a9:8c:c4:ac:90:82:f2:
+ 33:a1:b7:c1:6d:a9:96:ee:fc:cc:2f:89:8b:f5:bc:0f:
+ 8e:1f:af:79:00:b4:86:ac:d9:8b:c6:ed:e3:3d:56:a4:
+ 42:3a:45:99:18:18:38:a2:bb:dc:b1:d4:d5:81:df:f7:
+ 2d:7f:e7:cf:4c:87:6d:59:9d:76:a4:82:4f:2b:d0:33:
+ cb:64:47:20:15:6f:49:1a:ae:52:5c:72:b9:a4:1d:d7:
+ 12:7c:56:04:53:fd:8f:c3:0d:23:89:d2:58:7a:c3:e3:
+ 32:27:61:81:8d:ba:4a:de:bf:29:1a:e3:67:39:4a:79:
+ ff:54:9a:66:d6:38:01:80:a1:d6:1e:f2:34:d5:81:60:
+ ba:10:06:64:d6:df:ea:91:5b:9c:8f:6e:02:16:a8:f4:
+ 91:ee:ec:0e:2f:b5:62:32:bc:47:3a:58:e7:fc:5a:e9:
+ 63:74:30:00:cb:2d:16:7c:05:e5:b3:93:df:ab:bd:ea:
+ da:58:40:f7:31:41:fb:46:e2:8e:ef:87:47:93:84:6d
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Key Encipherment
+ Data Encipherment
+
+ Name: Extended Key Usage
+ TLS Web Client Authentication Certificate
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ d1:05:7a:c4:02:a2:e2:79:c5:b9:5e:1d:32:13:08:06:
+ 6d:c0:ed:a5:13:b6:04:26:c5:a7:71:76:5b:cc:14:46:
+ 5a:34:6b:18:a7:05:00:b0:74:31:a4:82:45:c2:a1:dc:
+ a2:6f:f0:a4:26:4d:04:e4:ca:5b:27:af:aa:eb:f5:4b:
+ 80:1c:b2:ce:91:a4:d6:e3:55:20:1b:e5:7d:1b:46:4d:
+ 7b:d4:e3:53:2b:8c:68:e1:54:03:73:fe:e6:14:03:b3:
+ fd:ea:c5:b1:36:ef:0e:61:0b:f8:9a:5c:a1:e4:10:e4:
+ de:2b:58:a9:fb:88:37:da:4b:92:f4:4b:48:a1:aa:46:
+ bf:a8:b7:a8:41:33:07:b2:b0:24:fc:23:88:cc:06:d1:
+ 45:5e:cc:c2:9a:2b:61:05:1e:31:f4:ef:a7:ed:05:1c:
+ 21:85:ab:c4:a9:13:f4:59:bc:3e:f1:c5:79:bf:1d:30:
+ d5:94:ed:eb:40:c5:05:6b:73:f7:b0:65:b7:98:1b:e4:
+ b4:d4:f1:63:d6:5a:29:01:31:f1:66:a1:52:0a:30:7a:
+ 46:e9:23:88:87:b4:05:f3:54:6f:37:e9:ba:d2:d7:3d:
+ 4b:99:bb:47:7f:cf:91:21:4f:e7:e0:34:a5:d4:6f:dc:
+ de:60:5b:2a:79:b3:f5:96:7f:c9:b0:e2:74:30:9e:3f
+ Fingerprint (MD5):
+ 33:E4:65:72:E7:73:63:F6:4D:F3:0D:1B:79:4B:51:BA
+ Fingerprint (SHA1):
+ 2B:3B:C2:42:09:1F:DC:3C:E8:DD:1C:2E:27:CB:22:34:4B:F2:2A:A9
+
+ Certificate Trust Flags:
+ SSL Flags:
+ User
+ Email Flags:
+ User
+ Object Signing Flags:
+ User
+
+</certpp>
+ <tag>subsystem</tag>
+ <dn>subsystem</dn>
+ </reqcertinfo>
+ </element>
+ <element>
+ <reqcertinfo>
+ <name>Audit Log Signing Certificate</name>
+ <req>-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMdVFBT
+IEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590Seob6Ee4+8A7ypAy0aJ9E
+8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE77XZCpnz1Ddv/fQ71CZw
+Lhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru3R7ekVngXp8VE2N5VWBC
+kWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWejtWaI7AvYuh7UWbaz+aPg
+GFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEMI1m9FDbF6dIdH/zFSXEQ
+O+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxqjA3aXrIgNMh2wFgU4fcX
+AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAk7D7vqIVUQPPchUR6MWoHyM3
+w5og8cRPE3nJQKPMhy+z1dBC67iTlPDM12entGVC+r4snbvNAfzibV/u9G4z
+IurRS42vLls06hCHe2+jDr2xrpHf5iM4QExQuMSFZ9+N0xXg5ytDvWLi/LtI
+YProlIaSmOdndJDQr6KPtsGb2My7a4iMBV/qVSD9A6bblbxJNPFHoiTuYj72
+7fWNT0JH2g0OmqZa5lx1o4q8dWAfKlrsMGB7OTRyJ7Y2V7FGgY50isrcxnuw
+XTCPxOQGEL2T/F5q/4F+ZyJix1SfhoQys4RBXxvQbhNvbPIAHtHg/5bcbPMN
+GNlW6BI4kN+UNRYGtQ==
+-----END NEW CERTIFICATE REQUEST-----</req>
+ <cert>-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF
+WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz
+MTEyMTE3NTQ1M1oXDTE1MTExMTE3NTQ1M1owOjEQMA4GA1UEChMHRVhBTVBM
+RTEmMCQGA1UEAxMdVFBTIEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590S
+eob6Ee4+8A7ypAy0aJ9E8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE
+77XZCpnz1Ddv/fQ71CZwLhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru
+3R7ekVngXp8VE2N5VWBCkWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWej
+tWaI7AvYuh7UWbaz+aPgGFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEM
+I1m9FDbF6dIdH/zFSXEQO+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxq
+jA3aXrIgNMh2wFgU4fcXAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUY6p+ucCt
+MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo
+dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v
+Y3NwMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAKPq8ro5J
+Di7LVv45eUH5AYrOiMqa10qWDr5dEqFqn7FZ3sK4A8zx/pQc+Iz3LMaaapgl
+hxXen9un2ZoAKqBJ3IES24nLr9xU+aS2vKZseGi7UZMHAxC/b3gerZvHY9p5
+CqWDPDO/ksnWikndaWvTZeqfXvqSvoJnDuwv/tCsLTTBzZ5ReTUiCAh91TXU
+4LJCl8q/+IeBOvz9g+iFwICN6FiXrq5j5GJgA/NOHwCvwMpH+lmK+H4mvUlr
+aVCWubitl7KqiepEyZAlyTuUX5t/u05xePVkaU/e3WijL6SSygcxH4Q9EQC8
+9PT07QwEbXSPXhv0n79x+Lhf4RuR4qZd4Q==
+-----END CERTIFICATE-----</cert>
+ <certpp>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 18 (0x12)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:54:53 2013
+ Not After : Wed Nov 11 17:54:53 2015
+ Subject: CN=TPS Audit Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ d0:ba:55:c6:b3:d6:2f:2a:a6:cd:a7:d2:55:e7:dd:12:
+ 7a:86:fa:11:ee:3e:f0:0e:f2:a4:0c:b4:68:9f:44:f1:
+ bc:31:75:9d:d3:3f:d7:e5:32:61:45:d7:f1:29:a7:ca:
+ e2:4f:90:54:1e:77:f5:8f:71:e9:be:28:44:ef:b5:d9:
+ 0a:99:f3:d4:37:6f:fd:f4:3b:d4:26:70:2e:1c:76:5a:
+ 10:11:42:6e:bf:d3:bf:be:5f:50:3b:4d:90:0b:30:d9:
+ 40:45:02:ae:62:af:27:17:64:6e:dd:1e:de:91:59:e0:
+ 5e:9f:15:13:63:79:55:60:42:91:66:22:45:8e:40:c6:
+ dd:61:5b:6e:77:4a:24:ee:49:c2:17:c2:67:fd:29:ea:
+ 4c:07:62:f7:45:67:a3:b5:66:88:ec:0b:d8:ba:1e:d4:
+ 59:b6:b3:f9:a3:e0:18:5b:02:2e:2f:01:f3:04:2b:88:
+ 9f:61:c8:e5:a9:cd:df:04:6a:c1:a4:d6:9b:cc:f0:ff:
+ 14:82:71:0c:23:59:bd:14:36:c5:e9:d2:1d:1f:fc:c5:
+ 49:71:10:3b:e6:d3:1a:a4:2b:8b:da:05:9d:76:c3:fb:
+ 70:98:b6:0c:7a:7f:a8:7c:b3:4a:13:4e:f5:c3:6a:4c:
+ 6a:8c:0d:da:5e:b2:20:34:c8:76:c0:58:14:e1:f7:17
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 28:fa:bc:ae:8e:49:0e:2e:cb:56:fe:39:79:41:f9:01:
+ 8a:ce:88:ca:9a:d7:4a:96:0e:be:5d:12:a1:6a:9f:b1:
+ 59:de:c2:b8:03:cc:f1:fe:94:1c:f8:8c:f7:2c:c6:9a:
+ 6a:98:25:87:15:de:9f:db:a7:d9:9a:00:2a:a0:49:dc:
+ 81:12:db:89:cb:af:dc:54:f9:a4:b6:bc:a6:6c:78:68:
+ bb:51:93:07:03:10:bf:6f:78:1e:ad:9b:c7:63:da:79:
+ 0a:a5:83:3c:33:bf:92:c9:d6:8a:49:dd:69:6b:d3:65:
+ ea:9f:5e:fa:92:be:82:67:0e:ec:2f:fe:d0:ac:2d:34:
+ c1:cd:9e:51:79:35:22:08:08:7d:d5:35:d4:e0:b2:42:
+ 97:ca:bf:f8:87:81:3a:fc:fd:83:e8:85:c0:80:8d:e8:
+ 58:97:ae:ae:63:e4:62:60:03:f3:4e:1f:00:af:c0:ca:
+ 47:fa:59:8a:f8:7e:26:bd:49:6b:69:50:96:b9:b8:ad:
+ 97:b2:aa:89:ea:44:c9:90:25:c9:3b:94:5f:9b:7f:bb:
+ 4e:71:78:f5:64:69:4f:de:dd:68:a3:2f:a4:92:ca:07:
+ 31:1f:84:3d:11:00:bc:f4:f4:f4:ed:0c:04:6d:74:8f:
+ 5e:1b:f4:9f:bf:71:f8:b8:5f:e1:1b:91:e2:a6:5d:e1
+ Fingerprint (MD5):
+ 8C:A7:63:34:2C:55:22:B5:BA:22:5E:F8:BF:36:69:93
+ Fingerprint (SHA1):
+ AC:AA:23:8E:CF:C0:A9:1C:BB:B5:1E:DC:82:D2:02:7D:0C:2B:F5:50
+
+ Certificate Trust Flags:
+ SSL Flags:
+ User
+ Email Flags:
+ User
+ Object Signing Flags:
+ Terminal Record
+ Trusted
+ User
+
+</certpp>
+ <tag>audit_signing</tag>
+ <dn>audit_signing</dn>
+ </reqcertinfo>
+ </element>
+ </reqscerts>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <secureconn>false</secureconn>
+ <securityDomain>EXAMPLE</securityDomain>
+ <select>default</select>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>15</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>Administrator</title>
+ <urls>
+ <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ <element>External CA</element>
+ </urls>
+ <urls_size>3</urls_size>
+</xml>
+Sleeping for 5 secs..
+CRYPTO INIT WITH CERTDB:/home/edewata/Projects/pki-dev/certs/tps
+Crypto manager already initialized
+Debug : initialize crypto Manager
+INITIALIZATION ERROR: org.mozilla.jss.crypto.AlreadyInitializedException
+cdir = /home/edewata/Projects/pki-dev/certs/tps
+Debug : before getInstance
+Debug : before get token
+Debug : before login password
+Debug : after login password
+CRMF_REQUEST = MIIBqjCCAaYwggGaAgEBMIIBkYABAqVmMGQxEDAOBgNVBAoMB0VYQU1QTEUxIzAh
+BgkqhkiG9w0BCQEWFHRwc2FkbWluQGV4YW1wbGUuY29tMRgwFgYKCZImiZPyLGQB
+AQwIdHBzYWRtaW4xETAPBgNVBAMMCHRwc2FkbWlupoIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAvS/Qy27oL6ttnTVtJ86FsmrtrJ/lJMax4P1BAFmlFyEJ
+wOizJzo6VPVl41Pzzo3NNejnH8PYZzXVcJjAYmnq7jMb0VRwdR1jUp4eIIzA+IAe
+Fwy+dpoV++OAHwZzd1Bwmi2cLEKe1EM5jjGm41/Sl+CvVSP5G29ASbjHvoENEnf3
+8DA4Z5xYNgTZE67kjp45SJSCMkDS0z5FLc7KGn2twEHR8dPvjvppnmLPmT/BX3kD
+fzyY9/Sfh0964kNXmJJ1vtvp6ZDsKjw6gl33yPOpSxwWro5xiX/WmF4jCNJOmNHA
++RXHx9BCIEdQDg2Ae5JanMFWgYHtbRrO4ERXJ3vMXwIDAQABMACiBoAEAwADAA==
+
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=14&uid=tpsadmin&name=TPS+Administrator&email=tpsadmin%40example.com&__pwd=Secret123&__admin_password_again=Secret123&cert_request=MIIBqjCCAaYwggGaAgEBMIIBkYABAqVmMGQxEDAOBgNVBAoMB0VYQU1QTEUxIzAh%0D%0ABgkqhkiG9w0BCQEWFHRwc2FkbWluQGV4YW1wbGUuY29tMRgwFgYKCZImiZPyLGQB%0D%0AAQwIdHBzYWRtaW4xETAPBgNVBAMMCHRwc2FkbWlupoIBIjANBgkqhkiG9w0BAQEF%0D%0AAAOCAQ8AMIIBCgKCAQEAvS%2FQy27oL6ttnTVtJ86FsmrtrJ%2FlJMax4P1BAFmlFyEJ%0D%0AwOizJzo6VPVl41Pzzo3NNejnH8PYZzXVcJjAYmnq7jMb0VRwdR1jUp4eIIzA%2BIAe%0D%0AFwy%2BdpoV%2B%2BOAHwZzd1Bwmi2cLEKe1EM5jjGm41%2FSl%2BCvVSP5G29ASbjHvoENEnf3%0D%0A8DA4Z5xYNgTZE67kjp45SJSCMkDS0z5FLc7KGn2twEHR8dPvjvppnmLPmT%2FBX3kD%0D%0AfzyY9%2FSfh0964kNXmJJ1vtvp6ZDsKjw6gl33yPOpSxwWro5xiX%2FWmF4jCNJOmNHA%0D%0A%2BRXHx9BCIEdQDg2Ae5JanMFWgYHtbRrO4ERXJ3vMXwIDAQABMACiBoAEAwADAA%3D%3D%0D%0A&display=0&profileId=caAdminCert&cert_request_type=crmf&import=true&uid=tpsadmin&clone=0&securitydomain=EXAMPLE&subject=CN%3Dtpsadmin%2CUID%3Dtpsadmin%2CE%3Dtpsadmin%40example.com%2CO%3DEXAMPLE&requestor_name=TPS-vm-084.idm.lab.bos.redhat.com-7890&sessionID=5892650296702736989&auth_hostname=vm-084.idm.lab.bos.redhat.com&auth_port=8443&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:09 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <admin_email/>
+ <admin_name>TPS Administrator</admin_name>
+ <admin_pwd/>
+ <admin_pwd_again/>
+ <admin_uid>admin</admin_uid>
+ <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn>
+ <binddn>cn=directory manager</binddn>
+ <bindpwd/>
+ <ca>false</ca>
+ <caHost>vm-084.idm.lab.bos.redhat.com</caHost>
+ <caPort>8443</caPort>
+ <caType>ca</caType>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <certs>
+ <element>
+ <certinfo>
+ <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>sslserver</tag>
+ <friendly>SSL Server Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>subsystem</tag>
+ <friendly>Subsystem Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>audit_signing</tag>
+ <friendly>Audit Log Signing Certificate</friendly>
+ </certinfo>
+ </element>
+ </certs>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <custom_size>2048</custom_size>
+ <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <default_ecc_curvename>nistp256</default_ecc_curvename>
+ <default_keysize>2048</default_keysize>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <firsttime>true</firsttime>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <hostname>localhost</hostname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <import>true</import>
+ <info/>
+ <instanceID>&amp;lt;security_domain_instance_name&amp;gt;</instanceID>
+ <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list>
+ <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list>
+ <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list>
+ <lastpanel>0</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <oms/>
+ <p>15</p>
+ <panel>tps/admin/console/config/importadmincertpanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <portStr>389</portStr>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <reqscerts>
+ <element>
+ <reqcertinfo>
+ <name>SSL Server Certificate</name>
+ <req>-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMddm0t
+MDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8VWAvSv5V4LRR/MlGgZLf3
+yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpAwSVN1CWtrbflP5O9wkVF
+kxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1pfW4Jb6O+vOUzHHNEfH3U
+hFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwgdIxI1Q9jZZTiuupfu3Hq
+Ipt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1XmBoIvIAJiDWUETBiB4X
+iYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOvAqer08kY4ELo70uE1IWX
+AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAjAtHz3uSFKDHpYgxCFKiAxSv
+NUHdhIZO4DjEl6BuxvH2dkrMOeBuzmGUdB/dmprKvMBRtTwjopD/vbRTkKPc
+bB4j92pVxlAUlAd4dvzuFGcK/mhB8kdmCXAAgBOPKlZgpHoWRRaEqbdFznjQ
+KDz1lFE6Lb1Wpmcx9u6ZUWjHLd4sr+Ym+byXx9DroMBYV3rK35xUhpNlMjUM
+PSX+Fqgx4ddGgpGm0kh9TlczNUMQb+kqds8c3SRCfUTZNo4cE/LOEDqkUdYy
+XwTXjjAag7c6b7Dv8/OR4jNNrvAihn5YdlAo3aRssE6zQCKrOfN2bYy3uWMG
++VqC9saBiWkg8sgPbg==
+-----END NEW CERTIFICATE REQUEST-----</req>
+ <cert>-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF
+WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz
+MTEyMTE3NTQ0OVoXDTE1MTExMTE3NTQ0OVowOjEQMA4GA1UEChMHRVhBTVBM
+RTEmMCQGA1UEAxMddm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8V
+WAvSv5V4LRR/MlGgZLf3yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpA
+wSVN1CWtrbflP5O9wkVFkxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1p
+fW4Jb6O+vOUzHHNEfH3UhFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwg
+dIxI1Q9jZZTiuupfu3HqIpt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1
+XmBoIvIAJiDWUETBiB4XiYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOv
+Aqer08kY4ELo70uE1IWXAgMBAAGjgawwgakwHwYDVR0jBBgwFoAUY6p+ucCt
+MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo
+dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v
+Y3NwMA4GA1UdDwEB/wQEAwIE8DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB
+BQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQDbNeargy6K/gjb
+kkkSgvyfB+evtAGk5O+6lHuAhWefvS4LEkY6VyfZ2q8FJ5i5emIX5udlCpaR
+rd1B5czHsv/QRboUYSIVHcUAaQJyxakIF2gzfGtNiTDWFcNNdhLXfBkZMesy
+F9azUAJyWIwe4i965F39si+V8MsdcMJB72K5Yk7/IPjANBoN5ZMxFQN1jODX
+JRyaSSx34q+Gh+an7NtEGf7zYw04rWPctaLnojrBwtNi9WxSb5kQcrNL7QPl
+L8ZwMl2xkiPLHIHMXzDSesqgpZNAdiMHy/KusfZRhfJPSc6gY7oM7fKyIdJS
+hOq8/unh4rG37Ws7TLWxV3BNUv7R
+-----END CERTIFICATE-----</cert>
+ <certpp>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 16 (0x10)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:54:49 2013
+ Not After : Wed Nov 11 17:54:49 2015
+ Subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ bf:f6:ad:7c:2f:ac:1a:31:29:b4:ff:ab:d0:0d:4f:15:
+ 58:0b:d2:bf:95:78:2d:14:7f:32:51:a0:64:b7:f7:c8:
+ 13:24:c0:3d:8c:08:61:4b:ce:88:6d:be:6c:da:d3:f3:
+ 9f:ab:6f:2b:6a:2c:12:99:6e:58:65:6a:40:c1:25:4d:
+ d4:25:ad:ad:b7:e5:3f:93:bd:c2:45:45:93:1c:b9:92:
+ 2e:f6:41:67:23:2a:fc:28:24:17:91:f2:b5:e1:49:d9:
+ 14:95:bc:79:07:25:75:78:7d:69:7d:6e:09:6f:a3:be:
+ bc:e5:33:1c:73:44:7c:7d:d4:84:50:ee:2b:9d:f9:56:
+ c4:28:3c:b3:72:c3:4b:32:b3:3f:64:f0:08:d7:3f:33:
+ ab:14:6a:69:43:3c:20:74:8c:48:d5:0f:63:65:94:e2:
+ ba:ea:5f:bb:71:ea:22:9b:7b:39:1a:5d:77:69:10:45:
+ 3c:ae:0b:35:fe:f5:3a:78:fe:c8:63:93:ce:e2:a9:72:
+ ec:31:8b:b5:5e:60:68:22:f2:00:26:20:d6:50:44:c1:
+ 88:1e:17:89:8b:22:14:cf:f2:5c:cd:d7:99:5b:95:f9:
+ 22:50:fb:1b:75:5c:82:5c:43:ea:4c:d8:ed:91:0a:43:
+ af:02:a7:ab:d3:c9:18:e0:42:e8:ef:4b:84:d4:85:97
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Key Encipherment
+ Data Encipherment
+
+ Name: Extended Key Usage
+ TLS Web Server Authentication Certificate
+ TLS Web Client Authentication Certificate
+ E-Mail Protection Certificate
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ db:35:e6:ab:83:2e:8a:fe:08:db:92:49:12:82:fc:9f:
+ 07:e7:af:b4:01:a4:e4:ef:ba:94:7b:80:85:67:9f:bd:
+ 2e:0b:12:46:3a:57:27:d9:da:af:05:27:98:b9:7a:62:
+ 17:e6:e7:65:0a:96:91:ad:dd:41:e5:cc:c7:b2:ff:d0:
+ 45:ba:14:61:22:15:1d:c5:00:69:02:72:c5:a9:08:17:
+ 68:33:7c:6b:4d:89:30:d6:15:c3:4d:76:12:d7:7c:19:
+ 19:31:eb:32:17:d6:b3:50:02:72:58:8c:1e:e2:2f:7a:
+ e4:5d:fd:b2:2f:95:f0:cb:1d:70:c2:41:ef:62:b9:62:
+ 4e:ff:20:f8:c0:34:1a:0d:e5:93:31:15:03:75:8c:e0:
+ d7:25:1c:9a:49:2c:77:e2:af:86:87:e6:a7:ec:db:44:
+ 19:fe:f3:63:0d:38:ad:63:dc:b5:a2:e7:a2:3a:c1:c2:
+ d3:62:f5:6c:52:6f:99:10:72:b3:4b:ed:03:e5:2f:c6:
+ 70:32:5d:b1:92:23:cb:1c:81:cc:5f:30:d2:7a:ca:a0:
+ a5:93:40:76:23:07:cb:f2:ae:b1:f6:51:85:f2:4f:49:
+ ce:a0:63:ba:0c:ed:f2:b2:21:d2:52:84:ea:bc:fe:e9:
+ e1:e2:b1:b7:ed:6b:3b:4c:b5:b1:57:70:4d:52:fe:d1
+ Fingerprint (MD5):
+ 5B:BA:5A:1E:52:1A:ED:13:AB:E3:19:4F:A9:A0:F7:F3
+ Fingerprint (SHA1):
+ C5:E3:BA:90:42:9E:A2:8A:80:ED:A7:DE:D7:4A:BB:EC:9B:A1:27:31
+
+ Certificate Trust Flags:
+ SSL Flags:
+ User
+ Email Flags:
+ User
+ Object Signing Flags:
+ User
+
+</certpp>
+ <tag>sslserver</tag>
+ <dn>sslserver</dn>
+ </reqcertinfo>
+ </element>
+ <element>
+ <reqcertinfo>
+ <name>Subsystem Certificate</name>
+ <req>-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICezCCAWMCAQAwNjEQMA4GA1UEChMHRVhBTVBMRTEiMCAGA1UEAxMZVFBT
+IFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0AjjFK2Jg20ip1tcP5/8R2n
+xTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIzobfBbamW7vzML4mL9bwP
+jh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB3/ctf+fPTIdtWZ12pIJP
+K9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ0lh6w+MyJ2GBjbpK3r8p
+GuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qRW5yPbgIWqPSR7uwOL7Vi
+MrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcxQftG4o7vh0eThG0CAwEA
+AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAV8clzGabViitCdWmz2DeE4alTiYqa
+HWeXno4nKCXBttdkgrr4lu1hNfIjJSxHfj1R+FmAz27jtvA/0bDdBXRuTyzx
+ROhZ7raoMymQCW+w8tYO/ThaVQLijx+muX13gfCU0Bxq5+WDRJY4P4TCa49P
+3RBMziTc7kVagdmjhWYjnwRyWr8acOo4qEoo/X0wLC01MAe24OyKbfCt+FbT
+6PgjCVUAQ5HjmeWXyZQc89iZrkz2XVTFwQUKieni47pAVSL/Abkng2U8czIw
+cbBbP6DFO9t2L2Dye9z9LaA9jwSPVaRyKUdOEfemK75kQRLixs2BXUEeZazQ
+QgPZ9cJsptbf
+-----END NEW CERTIFICATE REQUEST-----</req>
+ <cert>-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBETANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF
+WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz
+MTEyMTE3NTQ1MFoXDTE1MTExMTE3NTQ1MFowNjEQMA4GA1UEChMHRVhBTVBM
+RTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0Aj
+jFK2Jg20ip1tcP5/8R2nxTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIz
+obfBbamW7vzML4mL9bwPjh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB
+3/ctf+fPTIdtWZ12pIJPK9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ
+0lh6w+MyJ2GBjbpK3r8pGuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qR
+W5yPbgIWqPSR7uwOL7ViMrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcx
+QftG4o7vh0eThG0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBRjqn65wK0yKEDu
+gzfgeN+hflzSRDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6
+Ly92bS0wODQuaWRtLmxhYi5ib3MucmVkaGF0LmNvbTo4MDgwL2NhL29jc3Aw
+DgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3
+DQEBCwUAA4IBAQDRBXrEAqLiecW5Xh0yEwgGbcDtpRO2BCbFp3F2W8wURlo0
+axinBQCwdDGkgkXCodyib/CkJk0E5MpbJ6+q6/VLgByyzpGk1uNVIBvlfRtG
+TXvU41MrjGjhVANz/uYUA7P96sWxNu8OYQv4mlyh5BDk3itYqfuIN9pLkvRL
+SKGqRr+ot6hBMweysCT8I4jMBtFFXszCmithBR4x9O+n7QUcIYWrxKkT9Fm8
+PvHFeb8dMNWU7etAxQVrc/ewZbeYG+S01PFj1lopATHxZqFSCjB6RukjiIe0
+BfNUbzfputLXPUuZu0d/z5EhT+fgNKXUb9zeYFsqebP1ln/JsOJ0MJ4/
+-----END CERTIFICATE-----</cert>
+ <certpp>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 17 (0x11)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:54:50 2013
+ Not After : Wed Nov 11 17:54:50 2015
+ Subject: CN=TPS Subsystem Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ b0:81:63:41:45:31:21:56:27:2e:86:ee:03:7d:e2:1f:
+ 1b:b3:40:23:8c:52:b6:26:0d:b4:8a:9d:6d:70:fe:7f:
+ f1:1d:a7:c5:32:da:ab:cf:8e:0f:15:05:1a:dd:dd:d6:
+ f8:66:b5:f2:88:a0:3d:61:a7:a9:8c:c4:ac:90:82:f2:
+ 33:a1:b7:c1:6d:a9:96:ee:fc:cc:2f:89:8b:f5:bc:0f:
+ 8e:1f:af:79:00:b4:86:ac:d9:8b:c6:ed:e3:3d:56:a4:
+ 42:3a:45:99:18:18:38:a2:bb:dc:b1:d4:d5:81:df:f7:
+ 2d:7f:e7:cf:4c:87:6d:59:9d:76:a4:82:4f:2b:d0:33:
+ cb:64:47:20:15:6f:49:1a:ae:52:5c:72:b9:a4:1d:d7:
+ 12:7c:56:04:53:fd:8f:c3:0d:23:89:d2:58:7a:c3:e3:
+ 32:27:61:81:8d:ba:4a:de:bf:29:1a:e3:67:39:4a:79:
+ ff:54:9a:66:d6:38:01:80:a1:d6:1e:f2:34:d5:81:60:
+ ba:10:06:64:d6:df:ea:91:5b:9c:8f:6e:02:16:a8:f4:
+ 91:ee:ec:0e:2f:b5:62:32:bc:47:3a:58:e7:fc:5a:e9:
+ 63:74:30:00:cb:2d:16:7c:05:e5:b3:93:df:ab:bd:ea:
+ da:58:40:f7:31:41:fb:46:e2:8e:ef:87:47:93:84:6d
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Key Encipherment
+ Data Encipherment
+
+ Name: Extended Key Usage
+ TLS Web Client Authentication Certificate
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ d1:05:7a:c4:02:a2:e2:79:c5:b9:5e:1d:32:13:08:06:
+ 6d:c0:ed:a5:13:b6:04:26:c5:a7:71:76:5b:cc:14:46:
+ 5a:34:6b:18:a7:05:00:b0:74:31:a4:82:45:c2:a1:dc:
+ a2:6f:f0:a4:26:4d:04:e4:ca:5b:27:af:aa:eb:f5:4b:
+ 80:1c:b2:ce:91:a4:d6:e3:55:20:1b:e5:7d:1b:46:4d:
+ 7b:d4:e3:53:2b:8c:68:e1:54:03:73:fe:e6:14:03:b3:
+ fd:ea:c5:b1:36:ef:0e:61:0b:f8:9a:5c:a1:e4:10:e4:
+ de:2b:58:a9:fb:88:37:da:4b:92:f4:4b:48:a1:aa:46:
+ bf:a8:b7:a8:41:33:07:b2:b0:24:fc:23:88:cc:06:d1:
+ 45:5e:cc:c2:9a:2b:61:05:1e:31:f4:ef:a7:ed:05:1c:
+ 21:85:ab:c4:a9:13:f4:59:bc:3e:f1:c5:79:bf:1d:30:
+ d5:94:ed:eb:40:c5:05:6b:73:f7:b0:65:b7:98:1b:e4:
+ b4:d4:f1:63:d6:5a:29:01:31:f1:66:a1:52:0a:30:7a:
+ 46:e9:23:88:87:b4:05:f3:54:6f:37:e9:ba:d2:d7:3d:
+ 4b:99:bb:47:7f:cf:91:21:4f:e7:e0:34:a5:d4:6f:dc:
+ de:60:5b:2a:79:b3:f5:96:7f:c9:b0:e2:74:30:9e:3f
+ Fingerprint (MD5):
+ 33:E4:65:72:E7:73:63:F6:4D:F3:0D:1B:79:4B:51:BA
+ Fingerprint (SHA1):
+ 2B:3B:C2:42:09:1F:DC:3C:E8:DD:1C:2E:27:CB:22:34:4B:F2:2A:A9
+
+ Certificate Trust Flags:
+ SSL Flags:
+ User
+ Email Flags:
+ User
+ Object Signing Flags:
+ User
+
+</certpp>
+ <tag>subsystem</tag>
+ <dn>subsystem</dn>
+ </reqcertinfo>
+ </element>
+ <element>
+ <reqcertinfo>
+ <name>Audit Log Signing Certificate</name>
+ <req>-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMdVFBT
+IEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590Seob6Ee4+8A7ypAy0aJ9E
+8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE77XZCpnz1Ddv/fQ71CZw
+Lhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru3R7ekVngXp8VE2N5VWBC
+kWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWejtWaI7AvYuh7UWbaz+aPg
+GFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEMI1m9FDbF6dIdH/zFSXEQ
+O+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxqjA3aXrIgNMh2wFgU4fcX
+AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAk7D7vqIVUQPPchUR6MWoHyM3
+w5og8cRPE3nJQKPMhy+z1dBC67iTlPDM12entGVC+r4snbvNAfzibV/u9G4z
+IurRS42vLls06hCHe2+jDr2xrpHf5iM4QExQuMSFZ9+N0xXg5ytDvWLi/LtI
+YProlIaSmOdndJDQr6KPtsGb2My7a4iMBV/qVSD9A6bblbxJNPFHoiTuYj72
+7fWNT0JH2g0OmqZa5lx1o4q8dWAfKlrsMGB7OTRyJ7Y2V7FGgY50isrcxnuw
+XTCPxOQGEL2T/F5q/4F+ZyJix1SfhoQys4RBXxvQbhNvbPIAHtHg/5bcbPMN
+GNlW6BI4kN+UNRYGtQ==
+-----END NEW CERTIFICATE REQUEST-----</req>
+ <cert>-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF
+WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz
+MTEyMTE3NTQ1M1oXDTE1MTExMTE3NTQ1M1owOjEQMA4GA1UEChMHRVhBTVBM
+RTEmMCQGA1UEAxMdVFBTIEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590S
+eob6Ee4+8A7ypAy0aJ9E8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE
+77XZCpnz1Ddv/fQ71CZwLhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru
+3R7ekVngXp8VE2N5VWBCkWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWej
+tWaI7AvYuh7UWbaz+aPgGFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEM
+I1m9FDbF6dIdH/zFSXEQO+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxq
+jA3aXrIgNMh2wFgU4fcXAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUY6p+ucCt
+MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo
+dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v
+Y3NwMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAKPq8ro5J
+Di7LVv45eUH5AYrOiMqa10qWDr5dEqFqn7FZ3sK4A8zx/pQc+Iz3LMaaapgl
+hxXen9un2ZoAKqBJ3IES24nLr9xU+aS2vKZseGi7UZMHAxC/b3gerZvHY9p5
+CqWDPDO/ksnWikndaWvTZeqfXvqSvoJnDuwv/tCsLTTBzZ5ReTUiCAh91TXU
+4LJCl8q/+IeBOvz9g+iFwICN6FiXrq5j5GJgA/NOHwCvwMpH+lmK+H4mvUlr
+aVCWubitl7KqiepEyZAlyTuUX5t/u05xePVkaU/e3WijL6SSygcxH4Q9EQC8
+9PT07QwEbXSPXhv0n79x+Lhf4RuR4qZd4Q==
+-----END CERTIFICATE-----</cert>
+ <certpp>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 18 (0x12)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:54:53 2013
+ Not After : Wed Nov 11 17:54:53 2015
+ Subject: CN=TPS Audit Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ d0:ba:55:c6:b3:d6:2f:2a:a6:cd:a7:d2:55:e7:dd:12:
+ 7a:86:fa:11:ee:3e:f0:0e:f2:a4:0c:b4:68:9f:44:f1:
+ bc:31:75:9d:d3:3f:d7:e5:32:61:45:d7:f1:29:a7:ca:
+ e2:4f:90:54:1e:77:f5:8f:71:e9:be:28:44:ef:b5:d9:
+ 0a:99:f3:d4:37:6f:fd:f4:3b:d4:26:70:2e:1c:76:5a:
+ 10:11:42:6e:bf:d3:bf:be:5f:50:3b:4d:90:0b:30:d9:
+ 40:45:02:ae:62:af:27:17:64:6e:dd:1e:de:91:59:e0:
+ 5e:9f:15:13:63:79:55:60:42:91:66:22:45:8e:40:c6:
+ dd:61:5b:6e:77:4a:24:ee:49:c2:17:c2:67:fd:29:ea:
+ 4c:07:62:f7:45:67:a3:b5:66:88:ec:0b:d8:ba:1e:d4:
+ 59:b6:b3:f9:a3:e0:18:5b:02:2e:2f:01:f3:04:2b:88:
+ 9f:61:c8:e5:a9:cd:df:04:6a:c1:a4:d6:9b:cc:f0:ff:
+ 14:82:71:0c:23:59:bd:14:36:c5:e9:d2:1d:1f:fc:c5:
+ 49:71:10:3b:e6:d3:1a:a4:2b:8b:da:05:9d:76:c3:fb:
+ 70:98:b6:0c:7a:7f:a8:7c:b3:4a:13:4e:f5:c3:6a:4c:
+ 6a:8c:0d:da:5e:b2:20:34:c8:76:c0:58:14:e1:f7:17
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 28:fa:bc:ae:8e:49:0e:2e:cb:56:fe:39:79:41:f9:01:
+ 8a:ce:88:ca:9a:d7:4a:96:0e:be:5d:12:a1:6a:9f:b1:
+ 59:de:c2:b8:03:cc:f1:fe:94:1c:f8:8c:f7:2c:c6:9a:
+ 6a:98:25:87:15:de:9f:db:a7:d9:9a:00:2a:a0:49:dc:
+ 81:12:db:89:cb:af:dc:54:f9:a4:b6:bc:a6:6c:78:68:
+ bb:51:93:07:03:10:bf:6f:78:1e:ad:9b:c7:63:da:79:
+ 0a:a5:83:3c:33:bf:92:c9:d6:8a:49:dd:69:6b:d3:65:
+ ea:9f:5e:fa:92:be:82:67:0e:ec:2f:fe:d0:ac:2d:34:
+ c1:cd:9e:51:79:35:22:08:08:7d:d5:35:d4:e0:b2:42:
+ 97:ca:bf:f8:87:81:3a:fc:fd:83:e8:85:c0:80:8d:e8:
+ 58:97:ae:ae:63:e4:62:60:03:f3:4e:1f:00:af:c0:ca:
+ 47:fa:59:8a:f8:7e:26:bd:49:6b:69:50:96:b9:b8:ad:
+ 97:b2:aa:89:ea:44:c9:90:25:c9:3b:94:5f:9b:7f:bb:
+ 4e:71:78:f5:64:69:4f:de:dd:68:a3:2f:a4:92:ca:07:
+ 31:1f:84:3d:11:00:bc:f4:f4:f4:ed:0c:04:6d:74:8f:
+ 5e:1b:f4:9f:bf:71:f8:b8:5f:e1:1b:91:e2:a6:5d:e1
+ Fingerprint (MD5):
+ 8C:A7:63:34:2C:55:22:B5:BA:22:5E:F8:BF:36:69:93
+ Fingerprint (SHA1):
+ AC:AA:23:8E:CF:C0:A9:1C:BB:B5:1E:DC:82:D2:02:7D:0C:2B:F5:50
+
+ Certificate Trust Flags:
+ SSL Flags:
+ User
+ Email Flags:
+ User
+ Object Signing Flags:
+ Terminal Record
+ Trusted
+ User
+
+</certpp>
+ <tag>audit_signing</tag>
+ <dn>audit_signing</dn>
+ </reqcertinfo>
+ </element>
+ </reqscerts>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <secureconn>false</secureconn>
+ <securityDomain>EXAMPLE</securityDomain>
+ <select>default</select>
+ <serialNumber>13</serialNumber>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>16</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>Import Administrator Certificate</title>
+ <urls>
+ <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ <element>External CA</element>
+ </urls>
+ <urls_size>3</urls_size>
+</xml>
+Sleeping for 5 secs..
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:8443
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:8443//ca/admin/ca/getBySerial?serialNumber=13&importCert=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Server: Apache-Coyote/1.1
+RESPONSE HEADER: Content-Type: application/x-x509-user-cert
+RESPONSE HEADER: Content-Length: 1925
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:21 GMT
+RESPONSE HEADER: Connection: keep-alive
+Imported Cert=MIIHgQYJKoZIhvcNAQcCoIIHcjCCB24CAQExADAPBgkqhkiG9w0BBwGgAgQAoIIH
+UjCCA7UwggKdoAMCAQICARMwDQYJKoZIhvcNAQELBQAwMzEQMA4GA1UECgwHRVhB
+TVBMRTEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xMzExMjEx
+NzU1MTBaFw0xNDExMjExNzU1MTBaMGQxEDAOBgNVBAoMB0VYQU1QTEUxIzAhBgkq
+hkiG9w0BCQEWFHRwc2FkbWluQGV4YW1wbGUuY29tMRgwFgYKCZImiZPyLGQBAQwI
+dHBzYWRtaW4xETAPBgNVBAMMCHRwc2FkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAvS/Qy27oL6ttnTVtJ86FsmrtrJ/lJMax4P1BAFmlFyEJwOiz
+Jzo6VPVl41Pzzo3NNejnH8PYZzXVcJjAYmnq7jMb0VRwdR1jUp4eIIzA+IAeFwy+
+dpoV++OAHwZzd1Bwmi2cLEKe1EM5jjGm41/Sl+CvVSP5G29ASbjHvoENEnf38DA4
+Z5xYNgTZE67kjp45SJSCMkDS0z5FLc7KGn2twEHR8dPvjvppnmLPmT/BX3kDfzyY
+9/Sfh0964kNXmJJ1vtvp6ZDsKjw6gl33yPOpSxwWro5xiX/WmF4jCNJOmNHA+RXH
+x9BCIEdQDg2Ae5JanMFWgYHtbRrO4ERXJ3vMXwIDAQABo4GiMIGfMB8GA1UdIwQY
+MBaAFGOqfrnArTIoQO6DN+B436F+XNJEME0GCCsGAQUFBwEBBEEwPzA9BggrBgEF
+BQcwAYYxaHR0cDovL3ZtLTA4NC5pZG0ubGFiLmJvcy5yZWRoYXQuY29tOjgwODAv
+Y2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
+AQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQAJWlit58qSP33zt5vStWDVmnJgzxF3
+F0mAUA1bhN9Y36Y1L7E8yqlL/rDjbZ3MfY8KkD6MkX/JPyZB5RDsnCPfblke0qzd
+pRAbSo3cZfFtSAO2PAr9I2HA2XG8Trk7OSLpXBICGvzW47y6UgXoKWRMP5+evWsa
+wknSMPUi23F1cHJSq974h4+Vbb822+q2EUCtRADfWLsIVRWcopkq1wu7emwuyTY6
+rt8vnUo41/UVQAzcUszRSXhZqd+wHCXOu59Goq1Rq1JawKMYrGII6hZOL/iOVITd
+ck/iQ3RxJcrJd1FVfWfAUUeJQ/NlwqtmEnDmSKdQ/y0EOd9Jl3i7NHh4MIIDlTCC
+An2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdFWEFNUExFMR8w
+HQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEzMTEyMTE3MDAzMFoX
+DTMzMTEyMTE3MDAzMFowMzEQMA4GA1UECgwHRVhBTVBMRTEfMB0GA1UEAwwWQ0Eg
+U2lnbmluZyBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAN+PnnAUnBRDBjppOrnUNwckrJuM85vdRA7Te/YQxDYRu51+Ge2OYYipEWTy
+PsYa+MlORipdGZH0Q1ZXw8l7Gcn+SdDRJNj5MFlYqobt4QcnfSxhvBhdSmcFHD9K
+w0zxkZbF4YAI6osXfM16I+ZxRTiK1vPE92Hi7I/ybyrD+SRfBsXMnXpSU7czDzyU
+94NBxGhaPJMNt849YPItXBbU1yPS+wUUDC04Ve3ofZrtEX2s1QFOriY6jmFAW7mD
+FQraJPoNwq0a5C8BXle9YVoX4Qv3XjwtNyMewrMe0e+avrRX2+RPWB11h2grVrGv
+yxYYQ0+89c8kmGSnDW6gq2y04ssCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBRjqn65
+wK0yKEDugzfgeN+hflzSRDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+xjAdBgNVHQ4EFgQUY6p+ucCtMihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/
+MD0GCCsGAQUFBzABhjFodHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5j
+b206ODA4MC9jYS9vY3NwMA0GCSqGSIb3DQEBCwUAA4IBAQBzcn0xO5Ju2WRkwZOa
++hd1lKg/KYtXqnOstqKUPNRThmzBlZj1vqF5rHW7ljA83F8n/vDs41TEUbKWRezI
+NYeS28nX0JwJYzTATYup9xCVmp9voV69G9kyvhj8bHBstzfoRQnOebfWLNO0CbIA
+QRruDHYhDy1beXy+1SMS+JOt4ZmeofoKme3razrWxiAr4uuGwvHr9JzXC1udjMd7
+is1A+bgN/kTVFHnVHHZW2eXncnpLwiT+Hjo400yFxmx3vu5Gq9f0KcUzjg6IkfBu
+Wyi4B5/B2Uc85f5YggQ4AU7wJ1R24skSStrWKE0QAKzxEj6vFW3OtooY7Eu+bAjA
+wPDQMQA=
+
+CRYPTO INIT WITH CERTDB:/home/edewata/Projects/pki-dev/certs/tps
+Crypto manager already initialized
+importCert string: importing with nickname: tpsadmin
+Already logged into to DB
+SUCCESS: imported admin user cert
+#############################################
+Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890
+Connected.
+Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=15&serialNumber=13&caHost=vm-084.idm.lab.bos.redhat.com&caPort=8443&op=next&xml=true
+RESPONSE STATUS: HTTP/1.1 200 OK
+RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:21 GMT
+RESPONSE HEADER: Server: Apache
+RESPONSE HEADER: Connection: close
+RESPONSE HEADER: Content-Type: text/xml
+<?xml version="1.0" encoding="UTF-8"?>
+<xml>
+ <admin_email/>
+ <admin_name>TPS Administrator</admin_name>
+ <admin_pwd/>
+ <admin_pwd_again/>
+ <admin_uid>admin</admin_uid>
+ <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn>
+ <binddn>cn=directory manager</binddn>
+ <bindpwd/>
+ <ca>false</ca>
+ <caHost>vm-084.idm.lab.bos.redhat.com</caHost>
+ <caPort>8443</caPort>
+ <caType>ca</caType>
+ <certchain>Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Issuer: CN=CA Signing Certificate,O=EXAMPLE
+ Validity:
+ Not Before: Thu Nov 21 17:00:30 2013
+ Not After : Mon Nov 21 17:00:30 2033
+ Subject: CN=CA Signing Certificate,O=EXAMPLE
+ Subject Public Key Info:
+ Public Key Algorithm: PKCS #1 RSA Encryption
+ RSA Public Key:
+ Modulus:
+ df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07:
+ 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11:
+ bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8:
+ c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9:
+ fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27:
+ 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91:
+ 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38:
+ 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f:
+ 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4:
+ 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23:
+ d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac:
+ d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24:
+ fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b:
+ f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57:
+ db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43:
+ 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb
+ Exponent: 65537 (0x10001)
+ Signed Extensions:
+ Name: Certificate Authority Key Identifier
+ Key ID:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Certificate Basic Constraints
+ Critical: True
+ Data: Is a CA with no maximum path length.
+
+ Name: Certificate Key Usage
+ Critical: True
+ Usages: Digital Signature
+ Non-Repudiation
+ Certificate Signing
+ CRL Signing
+
+ Name: Certificate Subject Key ID
+ Data:
+ 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1:
+ 7e:5c:d2:44
+
+ Name: Authority Information Access
+ Method: PKIX Online Certificate Status Protocol
+ Location:
+ URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp
+
+ Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
+ Signature:
+ 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75:
+ 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86:
+ 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f:
+ 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92:
+ db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a:
+ 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37:
+ e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee:
+ 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1:
+ 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb:
+ 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40:
+ f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72:
+ 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee:
+ 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8:
+ 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27:
+ 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e:
+ af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0
+ Fingerprint (MD5):
+ C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17
+ Fingerprint (SHA1):
+ 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1
+
+ Certificate Trust Flags:
+ SSL Flags:
+ Valid CA
+ Trusted CA
+ Trusted Client CA
+ Email Flags:
+ Valid CA
+ Trusted CA
+ Object Signing Flags:
+ Valid CA
+ Trusted CA
+
+</certchain>
+ <certchain_size>1</certchain_size>
+ <certs>
+ <element>
+ <certinfo>
+ <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>sslserver</tag>
+ <friendly>SSL Server Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>subsystem</tag>
+ <friendly>Subsystem Certificate</friendly>
+ </certinfo>
+ </element>
+ <element>
+ <certinfo>
+ <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn>
+ <tag>audit_signing</tag>
+ <friendly>Audit Log Signing Certificate</friendly>
+ </certinfo>
+ </element>
+ </certs>
+ <check_clonesubsystem/>
+ <check_newsubsystem/>
+ <csstate>1</csstate>
+ <custom_size>2048</custom_size>
+ <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database>
+ <dbg/>
+ <defTok>NSS Certificate DB</defTok>
+ <default_ecc_curvename>nistp256</default_ecc_curvename>
+ <default_keysize>2048</default_keysize>
+ <disableClone>1</disableClone>
+ <errorString/>
+ <firstpanel>0</firstpanel>
+ <firsttime>true</firsttime>
+ <fullsystemname>Token Processing System </fullsystemname>
+ <host>vm-084.idm.lab.bos.redhat.com</host>
+ <hostname>localhost</hostname>
+ <http_port>7888</http_port>
+ <https_port>7889</https_port>
+ <import>true</import>
+ <info/>
+ <instanceID>pki-tps</instanceID>
+ <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list>
+ <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list>
+ <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list>
+ <lastpanel>1</lastpanel>
+ <machineName>localhost</machineName>
+ <name>Token Processing System</name>
+ <non_clientauth_https_port>7890</non_clientauth_https_port>
+ <non_clientauth_port>7890</non_clientauth_port>
+ <oms/>
+ <p>16</p>
+ <panel>tps/admin/console/config/donepanel.vm</panel>
+ <panelname>Security Domain</panelname>
+ <panels>
+ <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element>
+ <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element>
+ <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element>
+ <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element>
+ <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element>
+ <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element>
+ <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element>
+ <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element>
+ <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element>
+ <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element>
+ <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element>
+ <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element>
+ <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element>
+ <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element>
+ <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element>
+ <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element>
+ <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element>
+ </panels>
+ <port>7889</port>
+ <portStr>389</portStr>
+ <ppcerts/>
+ <productversion>10.1.0</productversion>
+ <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect>
+ <reqscerts>
+ <element>
+ <reqcertinfo>
+ <name>SSL Server Certificate</name>
+ <req/>
+ <cert>...paste certificate here...</cert>
+ <certpp/>
+ <tag>sslserver</tag>
+ <dn>sslserver</dn>
+ </reqcertinfo>
+ </element>
+ <element>
+ <reqcertinfo>
+ <name>Subsystem Certificate</name>
+ <req/>
+ <cert>...paste certificate here...</cert>
+ <certpp/>
+ <tag>subsystem</tag>
+ <dn>subsystem</dn>
+ </reqcertinfo>
+ </element>
+ <element>
+ <reqcertinfo>
+ <name>Audit Log Signing Certificate</name>
+ <req/>
+ <cert>...paste certificate here...</cert>
+ <certpp/>
+ <tag>audit_signing</tag>
+ <dn>audit_signing</dn>
+ </reqcertinfo>
+ </element>
+ </reqscerts>
+ <restartCommand>systemctl restart pki-tpsd@pki-tps</restartCommand>
+ <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL>
+ <sdomainName>Security Domain</sdomainName>
+ <sdomainURL/>
+ <secureconn>false</secureconn>
+ <securityDomain>EXAMPLE</securityDomain>
+ <select>default</select>
+ <serialNumber>13</serialNumber>
+ <showApplyButton>false</showApplyButton>
+ <sms>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element>
+ <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element>
+ </sms>
+ <statusCommand>systemctl status pki-tomcatd@&amp;lt;security_domain_instance_name&amp;gt;.service</statusCommand>
+ <subpanelno>17</subpanelno>
+ <subsystemName>Token Processing System</subsystemName>
+ <systemname>Token Processing </systemname>
+ <title>Done</title>
+ <unsecurePort>7888</unsecurePort>
+ <urls>
+ <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element>
+ <element>External CA</element>
+ </urls>
+ <urls_size>3</urls_size>
+</xml>
+Certificate System - TPS Instance Configured
+
+#######################################################################
diff --git a/scripts/tps-configure.sh b/scripts/tps-configure.sh
index dfc3251..32b0afe 100755
--- a/scripts/tps-configure.sh
+++ b/scripts/tps-configure.sh
@@ -58,9 +58,9 @@ pkisilent ConfigureTPS \
-admin_password "$TPS_ADMIN_PASSWORD" \
-agent_key_size 2048 \
-agent_key_type rsa \
- -agent_cert_subject "$TPS_ADMIN_CERT_SUBJECT"
+ -agent_cert_subject "$TPS_ADMIN_CERT_SUBJECT" 2>&1 | tee tps-configure.out
echo $PASSWORD > "$CERTS/password.txt"
PKCS12Export -d "$CERTS" -o "$CERTS/tps-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
-systemctl restart pki-tpsd@$TPS_INSTANCE_NAME.service
+echo systemctl restart pki-tpsd@$TPS_INSTANCE_NAME.service
diff --git a/scripts/tps-create.sh b/scripts/tps-create.sh
index ed88bad..24e444c 100755
--- a/scripts/tps-create.sh
+++ b/scripts/tps-create.sh
@@ -1,17 +1,15 @@
#!/bin/sh -x
-pkispawn -f tps.cfg -s TPS -v 2>&1 | tee build/tps-create.log
+. ./tps-include.sh
-#. ./tps-include.sh
-
-#pkicreate -pki_instance_root=$INSTANCE_ROOT \
-# -pki_instance_name=$TPS_INSTANCE_NAME \
-# -subsystem_type=$TPS_SUBSYSTEM_TYPE \
-# -secure_port=$TPS_SECURE_PORT \
-# -non_clientauth_secure_port=$TPS_NON_CLIENTAUTH_SECURE_PORT \
-# -unsecure_port=$TPS_UNSECURE_PORT \
-# -user=$INSTANCE_USER \
-# -group=$INSTANCE_GROUP \
-# -redirect conf=/etc/$TPS_INSTANCE_NAME \
-# -redirect logs=/var/log/$TPS_INSTANCE_NAME \
-# -verbose
+pkicreate -pki_instance_root=$INSTANCE_ROOT \
+ -pki_instance_name=$TPS_INSTANCE_NAME \
+ -subsystem_type=$TPS_SUBSYSTEM_TYPE \
+ -secure_port=$TPS_SECURE_PORT \
+ -non_clientauth_secure_port=$TPS_NON_CLIENTAUTH_SECURE_PORT \
+ -unsecure_port=$TPS_UNSECURE_PORT \
+ -user=$INSTANCE_USER \
+ -group=$INSTANCE_GROUP \
+ -redirect conf=/etc/$TPS_INSTANCE_NAME \
+ -redirect logs=/var/log/$TPS_INSTANCE_NAME \
+ -verbose
diff --git a/scripts/tps-download.sh b/scripts/tps-download.sh
new file mode 100755
index 0000000..5c7303c
--- /dev/null
+++ b/scripts/tps-download.sh
@@ -0,0 +1,12 @@
+#!/bin/sh -x
+
+cd ~/Downloads
+
+BASE_URL=http://kojipkgs.fedoraproject.org/packages
+PACKAGE=pki-tps
+VERSION=10.1.0
+RELEASE=1
+OS=fc20
+
+wget $BASE_URL/$PACKAGE/$VERSION/$RELEASE.$OS/x86_64/pki-tps-$VERSION-$RELEASE.$OS.x86_64.rpm
+wget $BASE_URL/$PACKAGE/$VERSION/$RELEASE.$OS/x86_64/pki-tps-debuginfo-$VERSION-$RELEASE.$OS.x86_64.rpm
diff --git a/scripts/tps-enroll.sh b/scripts/tps-enroll.sh
new file mode 100755
index 0000000..78c9212
--- /dev/null
+++ b/scripts/tps-enroll.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+tpsclient <<EOF
+op=var_set name=ra_host value=localhost
+op=var_set name=ra_port value=7888
+op=var_set name=ra_uri value=/nk_service
+
+op=token_set cuid=a00192030405060708c9 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+
+op=ra_enroll uid=testuser num_threads=1 pwd=Secret123 new_pin=Secret123
+op=token_status
+
+op=exit
+EOF
diff --git a/scripts/tps-install.sh b/scripts/tps-install.sh
index 2fa9b7d..d6a00f4 100755
--- a/scripts/tps-install.sh
+++ b/scripts/tps-install.sh
@@ -1,9 +1,8 @@
#!/bin/sh -x
-WORK_DIR=`pwd`
PROJECT_DIR=`cd ../.. ; pwd`
-COMPONENT=tps
+BUILD_DIR=$HOME/build/pki-tps
-cd $WORK_DIR/build/$COMPONENT/repo
+cd $BUILD_DIR/repo
yum install -y *.rpm
diff --git a/scripts/tps-publish.sh b/scripts/tps-publish.sh
new file mode 100755
index 0000000..72d9bd3
--- /dev/null
+++ b/scripts/tps-publish.sh
@@ -0,0 +1,10 @@
+#!/bin/sh -x
+
+BUILD_DIR=$HOME/build/pki-tps
+mkdir -p $BUILD_DIR
+cd $BUILD_DIR
+
+REPO_DIR=/var/www/html/pub/fedora/linux/releases/20/Everything/x86_64/os
+mkdir -p $REPO_DIR
+cp repo/*.rpm $REPO_DIR
+createrepo $REPO_DIR
diff --git a/scripts/tps-remove.sh b/scripts/tps-remove.sh
index 62432bb..8d6848d 100755
--- a/scripts/tps-remove.sh
+++ b/scripts/tps-remove.sh
@@ -1,13 +1,8 @@
#!/bin/sh -x
-SRC_DIR=`cd ../.. ; pwd`
-INSTANCE_NAME=tps-master
+. ./tps-include.sh
-pkidestroy -v -s TPS -i $INSTANCE_NAME
-
-#. ./tps-include.sh
-
-#pkiremove -pki_instance_root=$INSTANCE_ROOT \
-# -pki_instance_name=$TPS_INSTANCE_NAME \
-# -force \
-# -verbose
+pkiremove -pki_instance_root=$INSTANCE_ROOT \
+ -pki_instance_name=$TPS_INSTANCE_NAME \
+ -force \
+ -verbose
diff --git a/scripts/tps-import-shared.sh b/scripts/tps-secret-import.sh
index b21cd36..b21cd36 100755
--- a/scripts/tps-import-shared.sh
+++ b/scripts/tps-secret-import.sh
diff --git a/scripts/tps-secret-list.sh b/scripts/tps-secret-list.sh
new file mode 100755
index 0000000..334514c
--- /dev/null
+++ b/scripts/tps-secret-list.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+INSTANCE_DIR=/var/lib/pki-tps
+grep "internal:" $INSTANCE_DIR/conf/password.conf | sed "s/internal://" > $INSTANCE_DIR/conf/internal.txt
+
+certutil -K -d $INSTANCE_DIR/alias -f $INSTANCE_DIR/conf/internal.txt
+
+tkstool -L -d $INSTANCE_DIR/alias -n sharedSecret -f $INSTANCE_DIR/conf/internal.txt -h all
+
diff --git a/scripts/tps-start.sh b/scripts/tps-start.sh
index 16cd506..fa70505 100755
--- a/scripts/tps-start.sh
+++ b/scripts/tps-start.sh
@@ -1,9 +1,4 @@
#!/bin/sh -x
-INSTANCE_NAME=tps-master
-
-systemctl start pki-tomcatd@$INSTANCE_NAME.service
-
-#INSTANCE_NAME=pki-tps
-
-#systemctl start pki-tpsd@$INSTANCE_NAME.service
+INSTANCE_NAME=pki-tps
+systemctl start pki-tpsd@$INSTANCE_NAME.service
diff --git a/scripts/tps-stop.sh b/scripts/tps-stop.sh
index d3eba4a..0b404d3 100755
--- a/scripts/tps-stop.sh
+++ b/scripts/tps-stop.sh
@@ -1,9 +1,4 @@
#!/bin/sh -x
-INSTANCE_NAME=tps-master
-
-systemctl stop pki-tomcatd@$INSTANCE_NAME.service
-
-#INSTANCE_NAME=pki-tps
-
-#systemctl stop pki-tpsd@$INSTANCE_NAME.service
+INSTANCE_NAME=pki-tps
+systemctl stop pki-tpsd@$INSTANCE_NAME.service
diff --git a/scripts/tps.cfg b/scripts/tps.cfg
index f0fa757..f109ca9 100644
--- a/scripts/tps.cfg
+++ b/scripts/tps.cfg
@@ -1,10 +1,5 @@
-[DEFAULT]
-pki_instance_name=tps-master
-#pki_skip_configuration=True
-
[TPS]
-pki_ajp_port=16009
-pki_admin_cert_file=/root/.dogtag/ca-master/ca_admin.cert
+pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert
pki_admin_email=tpsadmin@example.com
pki_admin_name=tpsadmin
pki_admin_nickname=tpsadmin
@@ -12,16 +7,15 @@ pki_admin_password=Secret123
pki_admin_uid=tpsadmin
pki_backup_password=Secret123
pki_ds_base_dn=dc=tps,dc=example,dc=com
-pki_ds_database=tps
pki_client_database_password=Secret123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret123
pki_clone_pkcs12_password=Secret123
pki_ds_password=Secret123
-pki_http_port=16080
-pki_https_port=16443
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
pki_security_domain_password=Secret123
pki_token_password=Secret123
-pki_tomcat_server_port=16005
+pki_authdb_basedn=dc=ca,dc=example,dc=com
+pki_authdb_port=389
+pki_enable_server_side_keygen=False
generated by cgit (git 2.34.1) at 2024-04-24 14:01:14 +0000